Lucene search
GoogleOSV:PYSEC-2020-126HistorySep 25, 2020 - 7:15 p.m.
PYSEC-2020-126
2020-09-2519:15:00
Google
osv.dev
9
tensorflow
format string
vulnerability
patched
segmentation fault
EPSS
0.003
Percentile
65.7%
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the fill argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a printf call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Related
osv
osv
BIT-tensorflow-2020-15203
2024-03-06 11:20:36
CVE-2020-15203
2020-09-25 19:15:15
PYSEC-2020-283
2020-09-25 19:15:00
prion
prion
Format string
2020-09-25 19:15:00
veracode
veracode
Format String Attack
2020-09-28 03:25:43
nvd
nvd
CVE-2020-15203
2020-09-25 19:15:15
cvelist
cvelist
CVE-2020-15203 Denial of Service in Tensorflow
2020-09-25 18:46:08
github
github
Denial of Service in Tensorflow
2020-09-25 18:28:37
cve
cve
CVE-2020-15203
2020-09-25 19:15:15
suse
suse
Security update for tensorflow2 (moderate)
2020-10-29 00:00:00
nessus
nessus
openSUSE Security Update : tensorflow2 (openSUSE-2020-1766)
2020-10-30 00:00:00
openvas
openvas
openSUSE: Security Advisory for tensorflow2 (openSUSE-SU-2020:1766-1)
2020-10-30 00:00:00
