Buffer overflow in TensorFlow - CVE-2020-15198

 

Buffer overflow in TensorFlow - CVE-2020-15198

Published: September 25, 2020 / Updated: October 2, 2020


Vulnerability identifier: #VU47294
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15198
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TensorFlow
Affected software:
TensorFlow

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.


How to mitigate CVE-2020-15198

Install update from vendor's website.

Sources