Lucene search
GoogleOSV:PYSEC-2020-295HistoryOct 21, 2020 - 9:15 p.m.
PYSEC-2020-295
2020-10-2121:15:00
Google
osv.dev
13
tensorflow
version 2.4.0
parameter validation
access out of bounds
c++ kernel
patch
eccb7ec454e6617738554a255d77f08e60ee0808
EPSS
0.002
Percentile
56.9%
In Tensorflow before version 2.4.0, an attacker can pass an invalid axis value to tf.quantization.quantize_and_dequantize. This results in accessing a dimension outside the rank of the input tensor in the C++ kernel implementation. However, dim_size only does a DCHECK to validate the argument and then uses it to access the corresponding element of an array. Since in normal builds, DCHECK-like macros are no-ops, this results in segfault and access out of bounds of the array. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.
Related
nvd
nvd
CVE-2020-15265
2020-10-21 21:15:12
cve
cve
CVE-2020-15265
2020-10-21 21:15:12
prion
prion
Design/Logic Flaw
2020-10-21 21:15:00
osv
osv
Segfault in `tf.quantization.quantize_and_dequantize`
2020-11-13 17:13:04
CVE-2020-15265
2020-10-21 21:15:12
BIT-tensorflow-2020-15265
2024-03-06 11:20:21
github
github
Segfault in `tf.quantization.quantize_and_dequantize`
2020-11-13 17:13:04
veracode
veracode
Denial Of Service (DoS)
2020-10-22 04:59:49
cvelist
cvelist
CVE-2020-15265 Segfault in Tensorflow
2020-10-21 20:20:15
