Lucene search

GitHub Advisory DatabaseGHSA-G7P5-5759-QV46

HistorySep 25, 2020 - 6:28 p.m.

Data leak in Tensorflow

2020-09-2518:28:38

CWE-119

CWE-122

CWE-787

GitHub Advisory Database

github.com

tensorflow

data leak

unvalidated argument

heap overflow

memory leak

patched issue

security guide

aivul team

qihoo 360.

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.1%

JSON

Impact

The data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory

&gt;&gt;&gt; tf.raw_ops.StringNGrams(data=["aa", "bb", "cc", "dd", "ee", "ff"], data_splits=[0,8], separator=" ", ngram_widths=[3], left_pad="", right_pad="", pad_width=0, preserve_short_sequences=False)
StringNGrams(ngrams=&lt;tf.Tensor: shape=(6,), dtype=string, numpy=
array([b'aa bb cc', b'bb cc dd', b'cc dd ee', b'dd ee ff',
       b'ee ff \xf4j\xa7q\x7f\x00\x00q\x00\x00\x00\x00\x00\x00\x00\xd8\x9b~\xa8q\x7f\x00',
       b'ff \xf4j\xa7q\x7f\x00\x00q\x00\x00\x00\x00\x00\x00\x00\xd8\x9b~\xa8q\x7f\x00 \x9b~\xa8q\x7f\x00\x00p\xf5j\xa7q\x7f\x00\x00H\xf8j\xa7q\x7f\x00\x00\xf0\xf3\xf7\x85q\x7f\x00\x00`}\xa6\x00\x00\x00\x00\x00`~\xa6\x00\x00\x00\x00\x00\xb0~\xeb\x9bq\x7f\x00'],...

All the binary strings after ee ff are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.

Patches

We have patched the issue in 0462de5b544ed4731aa2fb23946ac22c01856b80 and will release patch releases for all versions between 1.15 and 2.3.

We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Affected configurations

Vulners

Node

tensorflow-gpuMatch2.3.0

tensorflow-gpuMatch2.2.0

tensorflow-gpuRange2.1.0–2.1.2

tensorflow-gpuRange2.0.0–2.0.3

tensorflow-gpuRange<1.15.4

tensorflow-cpuMatch2.3.0

tensorflow-cpuMatch2.2.0

tensorflow-cpuRange2.1.0–2.1.2

tensorflow-cpuRange2.0.0–2.0.3

tensorflow-cpuRange<1.15.4

tensorflowtensorflowMatch2.3.0

tensorflowtensorflowMatch2.2.0

tensorflowtensorflowRange2.1.0–2.1.2

tensorflowtensorflowRange2.0.0–2.0.3

tensorflowtensorflowRange<1.15.4

VendorProductVersionCPE
*tensorflow-gpu2.3.0cpe:2.3:a:*:tensorflow-gpu:2.3.0:*:*:*:*:*:*:*
*tensorflow-gpu2.2.0cpe:2.3:a:*:tensorflow-gpu:2.2.0:*:*:*:*:*:*:*
*tensorflow-gpu*cpe:2.3:a:*:tensorflow-gpu:*:*:*:*:*:*:*:*
*tensorflow-cpu2.3.0cpe:2.3:a:*:tensorflow-cpu:2.3.0:*:*:*:*:*:*:*
*tensorflow-cpu2.2.0cpe:2.3:a:*:tensorflow-cpu:2.2.0:*:*:*:*:*:*:*
*tensorflow-cpu*cpe:2.3:a:*:tensorflow-cpu:*:*:*:*:*:*:*:*
tensorflowtensorflow2.3.0cpe:2.3:a:tensorflow:tensorflow:2.3.0:*:*:*:*:*:*:*
tensorflowtensorflow2.2.0cpe:2.3:a:tensorflow:tensorflow:2.2.0:*:*:*:*:*:*:*
tensorflowtensorflow*cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	tensorflow-gpu	2.3.0	cpe:2.3:a::tensorflow-gpu:2.3.0:::::::
*	tensorflow-gpu	2.2.0	cpe:2.3:a::tensorflow-gpu:2.2.0:::::::
*	tensorflow-gpu	*	cpe:2.3:a::tensorflow-gpu::::::::*
*	tensorflow-cpu	2.3.0	cpe:2.3:a::tensorflow-cpu:2.3.0:::::::
*	tensorflow-cpu	2.2.0	cpe:2.3:a::tensorflow-cpu:2.2.0:::::::
*	tensorflow-cpu	*	cpe:2.3:a::tensorflow-cpu::::::::*
tensorflow	tensorflow	2.3.0	cpe:2.3:a:tensorflow:tensorflow:2.3.0:::::::*
tensorflow	tensorflow	2.2.0	cpe:2.3:a:tensorflow:tensorflow:2.2.0:::::::*
tensorflow	tensorflow	*	cpe:2.3:a:tensorflow:tensorflow::::::::