Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2020-15207
HistorySep 25, 2020 - 7:15 p.m.

CVE-2020-15207

2020-09-2519:15:15
CWE-119
CWE-787
[email protected]
web.nvd.nist.gov
3
tensorflow-lite
negative index
vulnerability
patched
versions

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

68.3%

JSON

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python’s indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the DCHECK does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Affected configurations

Nvd
Node
googletensorflowRange<1.15.4lite
OR
googletensorflowRange2.0.02.0.3lite
OR
googletensorflowRange2.1.02.1.2lite
OR
googletensorflowRange2.2.02.2.1lite
OR
googletensorflowRange2.3.02.3.1lite
Node
opensuseleapMatch15.2
VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
opensuseleap15.2cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Related

osv 6
cvelist 1
prion 1
github 1
cve 1
suse 1
nessus 1
openvas 1
ibm 4
osv
osv
PYSEC-2020-322
2020-09-25 19:15:00
PYSEC-2020-130
2020-09-25 19:15:00
PYSEC-2020-287
2020-09-25 19:15:00
cvelist
cvelist
CVE-2020-15207 Segfault and data corruption in tensorflow-lite
2020-09-25 18:45:46
prion
prion
Design/Logic Flaw
2020-09-25 19:15:00
github
github
Segfault and data corruption in tensorflow-lite
2020-09-25 18:28:43
cve
cve
CVE-2020-15207
2020-09-25 19:15:15
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
ibm
ibm
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server
2021-04-21 15:21:19
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning on CP4D
2021-04-07 14:04:38
Security Bulletin: Numerous CVE entires for TensorFlow in Watson Machine Learning Community Edition
2020-10-29 21:58:10

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.003

Percentile

68.3%

JSON
Related for NVD:CVE-2020-15207
osv6cvelist1prion1github1cve1suse1nessus1openvas1ibm4