CVE-2020-15198Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Tensorflow

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 61.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google TensorflowIntel Optimization FOR TensorflowTensorflow
Timeline
PublishedSep 25

Description

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.7

Affected Packages3 packages

NVDgoogle/tensorflow2.3.02.3.1
PyPIintel/optimization_for_tensorflow2.3.02.3.1+2
CVEListV5tensorflow/tensorflow>= 2.3.0, < 2.3.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
CVEList
Heap buffer overflow in Tensorflow2020-09-25
GHSA
Heap buffer overflow in Tensorflow2020-09-25
OSV
Heap buffer overflow in Tensorflow2020-09-25
OSV
CVE-2020-15198: In Tensorflow before version 22020-09-25

📋Vendor Advisories

1
Debian
CVE-2020-15198: tensorflow - In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation...2020
CVE-2020-15198 — Google Tensorflow vulnerability | cvebase