Lucene search
GoogleOSV:CVE-2020-15193HistorySep 25, 2020 - 7:15 p.m.
CVE-2020-15193
2020-09-2519:15:14
Google
osv.dev
2
0.002 Low
EPSS
Percentile
51.5%
In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.
Related
cvelist
cvelist
CVE-2020-15193 Memory corruption in Tensorflow
2020-09-25 18:40:51
osv
osv
BIT-tensorflow-2020-15193
2024-03-06 11:20:48
PYSEC-2020-308
2020-09-25 19:15:00
PYSEC-2020-273
2020-09-25 19:15:00
veracode
veracode
Arbitrary Code Execution
2020-09-28 02:05:10
prion
prion
Memory corruption
2020-09-25 19:15:00
nvd
nvd
CVE-2020-15193
2020-09-25 19:15:14
cve
cve
CVE-2020-15193
2020-09-25 19:15:14
github
github
Memory corruption in Tensorflow
2020-09-25 18:28:27
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
