CVE-2020-26269Out-of-bounds Read in Intel Optimization FOR Tensorflow

CWE-125Out-of-bounds Read6 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 65.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Intel Optimization FOR TensorflowTensorflowGoogle Tensorflow
Timeline
PublishedDec 10
Latest updateOct 7

Description

In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to globbing pattern is vulnerable to an access out of bounds of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

PyPIintel/optimization_for_tensorflow2.4.0rc02.4.0+1
CVEListV5tensorflow/tensorflow.4.0rc*

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching2022-10-07
OSV
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching2022-10-07
CVEList
Heap out of bounds read in filesystem glob matching in TensorFlow2020-12-10
OSV
CVE-2020-26269: In TensorFlow release candidate versions 22020-12-10

📋Vendor Advisories

1
Debian
CVE-2020-26269: tensorflow - In TensorFlow release candidate versions 2.4.0rc*, the general implementation fo...2020
CVE-2020-26269 — Out-of-bounds Read in Intel | cvebase