CVE-2020-15205 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Tensorflow

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

9.8CRITICALNVD

CNA9.0

EPSS

0.5%

top 32.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow +1 more

Timeline

PublishedSep 25

Description

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDgoogle/tensorflow2.0.0 — 2.0.3+4

▶CVEListV5tensorflow/tensorflow< 1.15.4+4

▶PyPIintel/optimization_for_tensorflow2.0.0 — 2.0.3+5

▶NVDopensuse/leap15.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2020-15205: In Tensorflow before versions 1↗2020-09-25

▶

GHSA

Data leak in Tensorflow↗2020-09-25

▶

CVEList

Data leak in Tensorflow↗2020-09-25

▶

OSV

Data leak in Tensorflow↗2020-09-25

▶

📋Vendor Advisories

Debian

CVE-2020-15205: tensorflow - In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_s...↗2020

▶