Lucene search

GitHub_MCVE-2020-26268

HistoryDec 10, 2020 - 11:15 p.m.

CVE-2020-26268

2020-12-1023:15:12

CWE-471

GitHub_M

web.nvd.nist.gov

104

cve

2020

26268

tensorflow

memory corruption

bug fix

nvd

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:P/A:P

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

AI Score

4.8

Confidence

High

EPSS

Percentile

12.8%

JSON

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Affected configurations

Nvd

Vulners

Node

googletensorflowRange<1.15.5

googletensorflowRange2.0.0–2.0.4

googletensorflowRange2.1.0–2.1.3

googletensorflowRange2.2.0–2.2.2

googletensorflowRange2.3.0–2.3.2

VendorProductVersionCPE
googletensorflow*cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	tensorflow	*	cpe:2.3:a:google:tensorflow::::::::

CNA Affected

[
  {
    "product": "tensorflow",
    "vendor": "tensorflow",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.15.5"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.0.4"
      },
      {
        "status": "affected",
        "version": ">= 2.1.0, < 2.1.3"
      },
      {
        "status": "affected",
        "version": ">= 2.2.0, < 2.2.2"
      },
      {
        "status": "affected",
        "version": ">= 2.3.0, < 2.3.2"
      }
    ]
  }
]