Lucene search

[email protected]CVE-2020-15193

HistorySep 25, 2020 - 7:15 p.m.

CVE-2020-15193

2020-09-2519:15:14

CWE-908

[email protected]

web.nvd.nist.gov

116

tensorflow

cve-2020-15193

dlpack.to_dlpack

memory corruption

security patch

nvd

5.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:P/A:P

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

6.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.6%

JSON

In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.

Affected configurations

Vulners

NVD

Node

tensorflowtensorflowMatch2.2.0

tensorflowtensorflowMatch2.3.0

CPENameOperatorVersion
google:tensorflowgoogle tensorfloweq2.2.0
google:tensorflowgoogle tensorfloweq2.3.0

CPE	Name	Operator	Version
google:tensorflow	google tensorflow	eq	2.2.0
google:tensorflow	google tensorflow	eq	2.3.0

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "= 2.2.0"
      },
      {
        "status": "affected",
        "version": "= 2.3.0"
      }
    ]
  }
]