Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-15203
HistorySep 25, 2020 - 7:15 p.m.

CVE-2020-15203

2020-09-2519:15:15
CWE-134
CWE-20
[email protected]
web.nvd.nist.gov
136
cve
2020
15203
tensorflow
format string vulnerability
security issue
patch
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Affected configurations

Vulners
NVD
Node
tensorflowtensorflowRange<1.15.4
OR
tensorflowtensorflowRange2.0.02.0.3
OR
tensorflowtensorflowRange2.1.02.1.2
OR
tensorflowtensorflowRange2.2.02.2.1
OR
tensorflowtensorflowRange2.3.02.3.1

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.15.4"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.0.3"
      },
      {
        "status": "affected",
        "version": ">= 2.1.0, < 2.1.2"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.1"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.1"
      }
    ]
  }
]

Related

osv 6
veracode 1
prion 1
nvd 1
cvelist 1
github 1
suse 1
nessus 1
openvas 1
ibm 4
osv
osv
CVE-2020-15203
2020-09-25 19:15:15
BIT-tensorflow-2020-15203
2024-03-06 11:20:36
PYSEC-2020-126
2020-09-25 19:15:00
veracode
veracode
Format String Attack
2020-09-28 03:25:43
prion
prion
Format string
2020-09-25 19:15:00
nvd
nvd
CVE-2020-15203
2020-09-25 19:15:15
cvelist
cvelist
CVE-2020-15203 Denial of Service in Tensorflow
2020-09-25 18:46:08
github
github
Denial of Service in Tensorflow
2020-09-25 18:28:37
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
ibm
ibm
Security Bulletin: Numerous CVE entires for TensorFlow in Watson Machine Learning Community Edition
2020-10-29 21:58:10
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning on CP4D
2021-04-07 14:04:38
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server
2021-04-21 15:21:19

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.8%

JSON
Related for CVE-2020-15203
osv6veracode1prion1nvd1cvelist1github1suse1nessus1openvas1ibm4