Lucene search

GitHub_MCVE-2020-15190

HistorySep 25, 2020 - 7:15 p.m.

CVE-2020-15190

2020-09-2519:15:14

CWE-476

CWE-20

GitHub_M

web.nvd.nist.gov

139

tensorflow

switch operation

vulnerability

patch

nvd

cve-2020-15190

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

61.5%

JSON

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the tf.raw_ops.Switch operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is nullptr, hence we are binding a reference to nullptr. This is undefined behavior and reported as an error if compiling with -fsanitize=null. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Affected configurations

Nvd

Vulners

Node

googletensorflowRange<1.15.4-

googletensorflowRange2.0.0–2.0.3-

googletensorflowRange2.1.0–2.1.2-

googletensorflowRange2.2.0–2.2.1-

googletensorflowRange2.3.0–2.3.1-

Node

opensuseleapMatch15.2

VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	tensorflow	*	cpe:2.3:a:google:tensorflow:::::-:::*
opensuse	leap	15.2	cpe:2.3:o:opensuse:leap:15.2:::::::*

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.15.4"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.0.3"
      },
      {
        "status": "affected",
        "version": ">= 2.1.0, < 2.1.2"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.1"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.1"
      }
    ]
  }
]