CVE-2020-15265Out-of-bounds Read in Tensorflow

CWE-125Out-of-bounds Read6 documents5 sources
Severity
7.5HIGHNVD
CNA5.9
EPSS
0.2%
top 53.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
TensorflowGoogle TensorflowIntel Optimization FOR Tensorflow
Timeline
PublishedOct 21
Latest updateNov 13

Description

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, `DCHECK`-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is pa

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/tensorflow< 2.4.0
CVEListV5tensorflow/tensorflow< 2.4.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
Segfault in `tf.quantization.quantize_and_dequantize`2020-11-13
OSV
Segfault in `tf.quantization.quantize_and_dequantize`2020-11-13
OSV
CVE-2020-15265: In Tensorflow before version 22020-10-21
CVEList
Segfault in Tensorflow2020-10-21

📋Vendor Advisories

1
Debian
CVE-2020-15265: tensorflow - In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value...2020
CVE-2020-15265 — Out-of-bounds Read in Tensorflow | cvebase