CVE-2020-15208

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 1.15.4 TensorFlow versions prior to 2.0.3 TensorFlow versions prior to 2.1.2 TensorFlow versions prior to 2.2.1 TensorFlow versions prior to 2.3.1

Description The issue arises when determining the common dimension size of two tensors. TFLite uses a DCHECK which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor, resulting in reads/writes outside of bounds.

Recommendations Upgrade to TensorFlow 1.15.4 or later Upgrade to TensorFlow 2.0.3 or later Upgrade to TensorFlow 2.1.2 or later Upgrade to TensorFlow 2.2.1 or later Upgrade to TensorFlow 2.3.1 or later

Exploit

Fix

Memory Corruption

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-125

Related Identifiers

BIT-TENSORFLOW-2020-15208

CVE-2020-15208

GHSA-MXJJ-953W-2C2V

OPENSUSE-SU-2020:1766-1

OPENSUSE-SU-2020_1766-1

OPENSUSE-SU-2024:12116-1

PYSEC-2020-131

PYSEC-2020-288

PYSEC-2020-323

Affected Products

Suse

Tensorflow

CVE-2020-15208

Weakness Enumeration

Related Identifiers

Affected Products

References · 37