Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Published

2020-09-25T19:15:16.307

Last Modified

2024-11-21T05:05:05.720

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-20
Type: Primary
CWE-787

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	tensorflow	< 1.15.4	Yes
Application	google	tensorflow	< 2.0.3	Yes
Application	google	tensorflow	< 2.1.2	Yes
Application	google	tensorflow	< 2.2.1	Yes
Application	google	tensorflow	< 2.3.1	Yes
Operating System	opensuse	leap	15.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html Mailing List, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453 Patch, Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 Third Party Advisory ([email protected])
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2 Exploit, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)