Lucene search
GoogleOSV:CVE-2020-26267HistoryDec 10, 2020 - 11:15 p.m.
CVE-2020-26267
2020-12-1023:15:12
Google
osv.dev
4
tensorflow
dataformatvecpermute
security vulnerability
EPSS
0.001
Percentile
18.0%
In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Related
osv
osv
BIT-tensorflow-2020-26267
2024-03-06 11:20:17
PYSEC-2020-333
2020-12-10 23:15:00
Lack of validation in data format attributes in TensorFlow
2020-12-10 19:07:26
prion
prion
Out-of-bounds
2020-12-10 23:15:00
cvelist
cvelist
CVE-2020-26267 Lack of validation in data format attributes in TensorFlow
2020-12-10 22:10:40
veracode
veracode
Denial Of Service (DoS)
2020-12-11 03:20:12
github
github
Lack of validation in data format attributes in TensorFlow
2020-12-10 19:07:26
cve
cve
CVE-2020-26267
2020-12-10 23:15:12
nvd
nvd
CVE-2020-26267
2020-12-10 23:15:12
archlinux
archlinux
[ASA-202012-22] tensorflow: multiple issues
2020-12-16 00:00:00
ibm
ibm
suse
suse
Security update for tensorflow2 (moderate)
2022-06-18 00:00:00
nessus
nessus
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
2022-06-19 00:00:00