CVE-2020-15195 Heap buffer overflow in Tensorflow

2020-09-2518:40:41

CWE-122

CWE-119

GitHub_M

www.cve.org

tensorflow

heap buffer overflow

cve-2020-15195

double indexing pattern

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.005

Percentile

75.3%

JSON

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of SparseFillEmptyRowsGrad uses a double indexing pattern. It is possible for reverse_index_map(i) to be an index outside of bounds of grad_values, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.15.4"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.0.3"
      },
      {
        "status": "affected",
        "version": ">= 2.1.0, < 2.1.2"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.1"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.1"
      }
    ]
  }
]