CVE-2020-15203
published 2020-09-25CVE-2020-15203: In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | tensorflow | — | — |
| tensorflow | < 1.15.4 | 1.15.4 | |
| tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 | |
| tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 | |
| tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 | |
| tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 | |
| intel | optimization_for_tensorflow | >= 0 < 1.15.4 | 1.15.4 |
| intel | optimization_for_tensorflow | >= 0 < 33be22c65d86256e6826666662e40dbdfe70ee83 | 33be22c65d86256e6826666662e40dbdfe70ee83 |
| intel | optimization_for_tensorflow | >= 2.0.0 < 2.0.3 | 2.0.3 |
| intel | optimization_for_tensorflow | >= 2.1.0 < 2.1.2 | 2.1.2 |
| intel | optimization_for_tensorflow | >= 2.2.0 < 2.2.1 | 2.2.1 |
| intel | optimization_for_tensorflow | >= 2.3.0 < 2.3.1 | 2.3.1 |
| opensuse | leap | — | — |
| tensorflow | tensorflow | < 1.15.4 | 1.15.4 |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
| tensorflow | tensorflow | — | — |
OSV
Denial of Service in Tensorflow
osv·2020-09-25
CVE-2020-15203 [HIGH] Denial of Service in Tensorflow
Denial of Service in Tensorflow
### Impact
By controlling the `fill` argument of [`tf.strings.as_string`](https://www.tensorflow.org/api_docs/python/tf/strings/as_string), a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/as_string_op.cc#L68-L74
This can result in unexpected output:
```python
In [1]: tf.strings.as_string(input=[1234], width=6, fill='-')
Out[1]:
In [2]: tf.strings.as_string(input=[1234], width=6, fill='+')
Out[2]:
In [3]: tf.strings.as_string(input=[1234], width=6, fill="h")
Out[3]:
In [4]: tf.strings.as_string(input=[1234], width=6, fill="d")
Out[4]:
In [5]: tf.strings.
OSV
CVE-2020-15203: In Tensorflow before versions 1
osv·2020-09-25
CVE-2020-15203 CVE-2020-15203: In Tensorflow before versions 1
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
GHSA
Denial of Service in Tensorflow
ghsa·2020-09-25
CVE-2020-15203 [HIGH] CWE-134 Denial of Service in Tensorflow
Denial of Service in Tensorflow
### Impact
By controlling the `fill` argument of [`tf.strings.as_string`](https://www.tensorflow.org/api_docs/python/tf/strings/as_string), a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed: https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/as_string_op.cc#L68-L74
This can result in unexpected output:
```python
In [1]: tf.strings.as_string(input=[1234], width=6, fill='-')
Out[1]:
In [2]: tf.strings.as_string(input=[1234], width=6, fill='+')
Out[2]:
In [3]: tf.strings.as_string(input=[1234], width=6, fill="h")
Out[3]:
In [4]: tf.strings.as_string(input=[1234], width=6, fill="d")
Out[4]:
In [5]: tf.strings.
Debian
CVE-2020-15203: tensorflow - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controll...
vendor_debian·2020·CVSS 7.5
CVE-2020-15203 [HIGH] CVE-2020-15203: tensorflow - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controll...
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Scope: local
forky: resolved
sid: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlhttps://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79
2020-09-25
Published