ByteOS Network

Vulnerability Details :

CVE-2020-15205

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-25 Sep, 2020 | 18:45

Updated At-04 Aug, 2024 | 13:08

Data leak in Tensorflow

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:GitHub_M

Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa

Published At:25 Sep, 2020 | 18:45

Updated At:04 Aug, 2024 | 13:08

▼CVE Numbering Authority (CNA)

Data leak in Tensorflow

Affected Products

Vendor

TensorFlow

Product

tensorflow

Versions

Affected

< 1.15.4
>= 2.0.0, < 2.0.3
>= 2.1.0, < 2.1.2
>= 2.2.0, < 2.2.1
>= 2.3.0, < 2.3.1

Problem Types

Type	CWE ID	Description
CWE	CWE-122	{"CWE-122":"Heap-based Buffer Overflow"}
CWE	CWE-119	{"CWE-119":"Improper Restriction of Operations within the Bounds of a Memory Buffer"}

Type: CWE

CWE ID: CWE-122

Description: {"CWE-122":"Heap-based Buffer Overflow"}

Type: CWE

CWE ID: CWE-119

Description: {"CWE-119":"Improper Restriction of Operations within the Bounds of a Memory Buffer"}

Metrics

Version	Base score	Base severity	Vector
3.1	9.0	CRITICAL	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Version: 3.1

Base score: 9.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

References

Hyperlink	Resource
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	x_refsource_MISC
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46	x_refsource_CONFIRM
https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html	vendor-advisory x_refsource_SUSE

Hyperlink: https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1

Resource:

x_refsource_MISC

Hyperlink: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80

Resource:

x_refsource_MISC

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html

Resource:

vendor-advisory

x_refsource_SUSE

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	x_refsource_MISC x_transferred
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46	x_refsource_CONFIRM x_transferred
https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80	x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html	vendor-advisory x_refsource_SUSE x_transferred

Hyperlink: https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security-advisories@github.com

Published At:25 Sep, 2020 | 19:15

Updated At:18 Nov, 2021 | 17:27

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	9.0	CRITICAL	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

Type: Primary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.0

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 7.5

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Google LLC

>>tensorflow>>Versions before 1.15.4(exclusive)

cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*

Google LLC

>>tensorflow>>Versions from 2.0.0(inclusive) to 2.0.3(exclusive)

cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*

Google LLC

>>tensorflow>>Versions from 2.1.0(inclusive) to 2.1.2(exclusive)

cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*

Google LLC

>>tensorflow>>Versions from 2.2.0(inclusive) to 2.2.1(exclusive)

cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*

Google LLC

>>tensorflow>>Versions from 2.3.0(inclusive) to 2.3.1(exclusive)

cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*

openSUSE

>>leap>>15.2

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-119	Secondary	security-advisories@github.com
CWE-122	Secondary	security-advisories@github.com

CWE ID: CWE-787

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-119

Type: Secondary