CVE-2020-15210 - OpenCVE

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Tensorflow
Opensuse	Leap

Configuration 1 [-]

OR	cpe:2.3:a:google:tensorflow:::::lite:::*
	cpe:2.3:a:google:tensorflow:::::lite:::*
	cpe:2.3:a:google:tensorflow:::::lite:::*
	cpe:2.3:a:google:tensorflow:::::lite:::*
	cpe:2.3:a:google:tensorflow:::::lite:::*

Configuration 2 [-]

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-09-25T18:45:30

Updated: 2024-08-04T13:08:22.871Z

Reserved: 2020-06-25T00:00:00

Link: CVE-2020-15210

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-09-25T19:15:16.307

Modified: 2021-11-18T17:27:43.563

Link: CVE-2020-15210

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "tensorflow", "vendor": "tensorflow", "versions": [{"status": "affected", "version": "< 1.15.4"}, {"status": "affected", "version": ">= 2.0.0, < 2.0.3"}, {"status": "affected", "version": ">= 2.1.0, < 2.1.2"}, {"status": "affected", "version": ">= 2.2.0, < 2.2.1"}, {"status": "affected", "version": ">= 2.3.0, < 2.3.1"}]}], "descriptions": [{"lang": "en", "value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "{\"CWE-20\":\"Improper Input Validation\"}", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-29T15:06:19", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"}, {"name": "openSUSE-SU-2020:1766", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"}], "source": {"advisory": "GHSA-x9j7-x98r-r4w2", "discovery": "UNKNOWN"}, "title": "Segmentation fault in tensorflow-lite", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15210", "STATE": "PUBLIC", "TITLE": "Segmentation fault in tensorflow-lite"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "tensorflow", "version": {"version_data": [{"version_value": "< 1.15.4"}, {"version_value": ">= 2.0.0, < 2.0.3"}, {"version_value": ">= 2.1.0, < 2.1.2"}, {"version_value": ">= 2.2.0, < 2.2.1"}, {"version_value": ">= 2.3.0, < 2.3.1"}]}}]}, "vendor_name": "tensorflow"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "{\"CWE-20\":\"Improper Input Validation\"}"}]}]}, "references": {"reference_data": [{"name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"}, {"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2", "refsource": "CONFIRM", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"}, {"name": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453", "refsource": "MISC", "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"}, {"name": "openSUSE-SU-2020:1766", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"}]}, "source": {"advisory": "GHSA-x9j7-x98r-r4w2", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.871Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"}, {"name": "openSUSE-SU-2020:1766", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15210", "datePublished": "2020-09-25T18:45:30", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.871Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*", "matchCriteriaId": "7A5421A9-693F-472A-9A21-43950C884C77", "versionEndExcluding": "1.15.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*", "matchCriteriaId": "B0FEB74E-5E54-4A2F-910C-FA1812C73DB2", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*", "matchCriteriaId": "47D83682-6615-49BC-8043-F36B9D017578", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*", "matchCriteriaId": "323B716A-E8F7-4CDA-B8FD-A56977D59C02", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*", "matchCriteriaId": "C09502A8-B667-4867-BEBD-40333E98A601", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."}, {"lang": "es", "value": "En tensorflow-lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, si un modelo guardado de TFLite usa el mismo tensor como entrada y salida de un operador, entonces, dependiendo del operador, podemos observar un fallo de segmentaci\u00f3n o solo una corrupci\u00f3n de la memoria. Hemos parcheado el problema en d58c96946b y publicaremos parches para todas las versiones entre 1.15 y 2.3. Recomendamos a los usuarios que actualicen a TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1"}], "id": "CVE-2020-15210", "lastModified": "2021-11-18T17:27:43.563", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2020-09-25T19:15:16.307", "references": [{"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}