CVE-2020-15195
25.09.2020, 19:15
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.Enginsight
| Vendor | Product | Version |
|---|---|---|
| tensorflow | 𝑥 < 1.15.4 | |
| tensorflow | 2.0.0 ≤ 𝑥 < 2.0.3 | |
| tensorflow | 2.1.0 ≤ 𝑥 < 2.1.2 | |
| tensorflow | 2.2.0 ≤ 𝑥 < 2.2.1 | |
| tensorflow | 2.3.0 ≤ 𝑥 < 2.3.1 | |
| opensuse | leap | 15.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-119 - Improper Restriction of Operations within the Bounds of a Memory BufferThe software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
References