Lucene search

GoogleOSV:BIT-TENSORFLOW-2020-15194

HistoryMar 06, 2024 - 11:20 a.m.

BIT-tensorflow-2020-15194

2024-03-0611:20:47

Google

osv.dev

tensorflow

security

incomplete validation

denial of service

patched

commit

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

6.5 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.2%

JSON

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverse_index_map_t and grad_values_t are accessed in a similar pattern, only reverse_index_map_t is validated to be of proper shape. Hence, malicious users can pass a bad grad_values_t to trigger an assertion failure in vec, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."

CPENameOperatorVersion
tensorflowge2.2.0
tensorflowlt2.1.2
tensorflowlt2.0.3
tensorflowlt2.3.1
tensorflowge2.1.0
tensorflowge2.0.0
tensorflowlt2.2.1
tensorflowlt1.15.4
tensorflowge2.3.0

Name	Operator	Version
tensorflow	ge	2.2.0
tensorflow	lt	2.1.2
tensorflow	lt	2.0.3
tensorflow	lt	2.3.1
tensorflow	ge	2.1.0
tensorflow	ge	2.0.0
tensorflow	lt	2.2.1
tensorflow	lt	1.15.4
tensorflow	ge	2.3.0