CVE-2020-15266Improper Restriction of Operations within the Bounds of a Memory Buffer in Tensorflow

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources
Severity
7.5HIGHNVD
CNA3.7
EPSS
0.1%
top 67.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
TensorflowGoogle TensorflowIntel Optimization FOR Tensorflow
Timeline
PublishedOct 21
Latest updateNov 13

Description

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgoogle/tensorflow< 2.4.0
CVEListV5tensorflow/tensorflow< 2.4.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
Float cast overflow undefined behavior2020-11-13
GHSA
Float cast overflow undefined behavior2020-11-13
CVEList
Undefined behavior in Tensorflow2020-10-21
OSV
CVE-2020-15266: In Tensorflow before version 22020-10-21

📋Vendor Advisories

1
Debian
CVE-2020-15266: tensorflow - In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_...2020
CVE-2020-15266 — Tensorflow vulnerability | cvebase