CVE-2020-15195
published 2020-09-25CVE-2020-15195: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 1.15.4 | 1.15.4 | |
| tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 | |
| tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 | |
| tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 | |
| tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 | |
| intel | optimization_for_tensorflow | >= 0 < 1.15.4 | 1.15.4 |
| intel | optimization_for_tensorflow | >= 0 < 390611e0d45c5793c7066110af37c8514e6a6c54 | 390611e0d45c5793c7066110af37c8514e6a6c54 |
| intel | optimization_for_tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 |
| intel | optimization_for_tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 |
| opensuse | leap | — | — |
| tensorflow | tensorflow | < 1.15.4 | 1.15.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
GHSA
Heap buffer overflow in Tensorflow
ghsa·2020-09-25
CVE-2020-15195 [MEDIUM] CWE-119 Heap buffer overflow in Tensorflow
Heap buffer overflow in Tensorflow
### Impact
The implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L263-L269
It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow.
### Patches
We have patched the issue in 390611e0d45c5793c7066110af37c8514e6a6c54 and will release a patch release for all affected versions.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding t
OSV
CVE-2020-15195: In Tensorflow before versions 1
osv·2020-09-25
CVE-2020-15195 CVE-2020-15195: In Tensorflow before versions 1
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
OSV
Heap buffer overflow in Tensorflow
osv·2020-09-25
CVE-2020-15195 [MEDIUM] Heap buffer overflow in Tensorflow
Heap buffer overflow in Tensorflow
### Impact
The implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/sparse_fill_empty_rows_op.cc#L263-L269
It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow.
### Patches
We have patched the issue in 390611e0d45c5793c7066110af37c8514e6a6c54 and will release a patch release for all affected versions.
We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding t
Debian
CVE-2020-15195: tensorflow - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the impleme...
vendor_debian·2020·CVSS 8.5
CVE-2020-15195 [HIGH] CVE-2020-15195: tensorflow - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the impleme...
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Scope: local
forky: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqrhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr
2020-09-25
Published