Lucene search

K

GoogleOSV:GHSA-JC87-6VPP-7FF3

HistorySep 25, 2020 - 6:28 p.m.

Heap buffer overflow in Tensorflow

2020-09-2518:28:22

Google

osv.dev

9

buffer overflow

tensorflow

sparse tensor

shape mismatch

patch release

EPSS

0.001

Percentile

40.5%

Impact

The SparseCountSparseOutput implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the indices tensor has the same shape as the values one. The values in these tensors are always accessed in parallel:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L193-L195

Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers.

Patches

We have patched the issue in 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and will release a patch release.

We recommend users to upgrade to TensorFlow 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability is a variant of GHSA-p5f8-gfw5-33w4

References

github.com/tensorflow/tensorflow

github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02

github.com/tensorflow/tensorflow/releases/tag/v2.3.1

github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3

nvd.nist.gov/vuln/detail/CVE-2020-15198

EPSS

0.001

Percentile

40.5%

Related for OSV:GHSA-JC87-6VPP-7FF3

github1 osv5 prion1 cve1 veracode1 cvelist1 nvd1