CVE-2020-15208 — Out-of-bounds Read in Tensorflow

CWE-125 — Out-of-bounds Read CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

9.8CRITICALNVD

CNA7.4

EPSS

0.3%

top 43.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow +1 more

Timeline

PublishedSep 25

Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in bot…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDgoogle/tensorflow2.0.0 — 2.0.3+4

▶CVEListV5tensorflow/tensorflow< 1.15.4+4

▶PyPIintel/optimization_for_tensorflow2.0.0 — 2.0.3+5

▶NVDopensuse/leap15.2

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Data corruption in tensorflow-lite↗2020-09-25

▶

OSV

CVE-2020-15208: In tensorflow-lite before versions 1↗2020-09-25

▶

GHSA

Data corruption in tensorflow-lite↗2020-09-25

▶

CVEList

Data corruption in tensorflow-lite↗2020-09-25

▶

📋Vendor Advisories

Debian

CVE-2020-15208: tensorflow - In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when d...↗2020

▶