CVE-2020-15213

Name of the Vulnerable Software and Affected Versions TensorFlow Lite versions prior to 2.2.1 TensorFlow Lite versions prior to 2.3.1

Description The issue allows attackers to trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. This is possible because the code uses the last element of the tensor holding segment ids to determine the dimensionality of the output tensor, and attackers can use a very large value to trigger a large allocation.

Recommendations For versions prior to 2.2.1, upgrade to TensorFlow 2.2.1. For versions prior to 2.3.1, upgrade to TensorFlow 2.3.1. As a temporary workaround, consider adding a custom Verifier to limit the maximum value in the segment ids tensor, but this only handles the case when the segment ids are stored statically in the model. If the segment ids are generated as outputs of a tensor during inference steps, there are no possible workarounds and users are advised to upgrade to patched code.