Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:BIT-TENSORFLOW-2020-15206
HistoryMar 06, 2024 - 11:20 a.m.

BIT-tensorflow-2020-15206

2024-03-0611:20:32
Google
osv.dev
8
tensorflow
vulnerability
savedmodel
segfaults
data corruption
denial of service
tensorflow-serving

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow’s SavedModel protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using tensorflow-serving or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Related

veracode 1
prion 1
osv 5
cvelist 1
nvd 1
cve 1
github 1
openvas 1
suse 1
nessus 1
ibm 4
veracode
veracode
Denial Of Service (DoS)
2020-09-28 07:41:33
prion
prion
Code injection
2020-09-25 19:15:00
osv
osv
Denial of Service in Tensorflow
2020-09-25 18:28:40
CVE-2020-15206
2020-09-25 19:15:15
PYSEC-2020-321
2020-09-25 19:15:00
cvelist
cvelist
CVE-2020-15206 Denial of Service in Tensorflow
2020-09-25 18:45:51
nvd
nvd
CVE-2020-15206
2020-09-25 19:15:15
cve
cve
CVE-2020-15206
2020-09-25 19:15:15
github
github
Denial of Service in Tensorflow
2020-09-25 18:28:40
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
ibm
ibm
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning on CP4D
2021-04-07 14:04:38
Security Bulletin: Numerous CVE entires for TensorFlow in Watson Machine Learning Community Edition
2020-10-29 21:58:10
Security Bulletin: Tensor Flow security vulnerabilities on IBM Watson Machine Learning Server
2021-04-21 15:21:19

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

68.0%

JSON
Related for OSV:BIT-TENSORFLOW-2020-15206
veracode1prion1osv5cvelist1nvd1cve1github1openvas1suse1nessus1ibm4