ByteOS Network

NVD Vulnerability Details :

CVE-2020-15201

Analyzed

Source-security-advisories@github.com

Published At-25 Sep, 2020 | 19:15

Updated At-18 Nov, 2021 | 17:24

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Secondary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Primary	2.0	6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P

CPE Matches

Google LLC

>>tensorflow>>2.3.0

cpe:2.3:a:google:tensorflow:2.3.0:*:*:*:-:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Primary	nvd@nist.gov
CWE-122	Secondary	security-advisories@github.com
CWE-20	Secondary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02	security-advisories@github.com	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	security-advisories@github.com	Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4	security-advisories@github.com	Exploit Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History