CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

21 Nov 2024, 05:05

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - Mailing List, Third Party Advisory
References () https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453 - Patch, Third Party Advisory () https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453 - Patch, Third Party Advisory
References () https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 - Third Party Advisory () https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 - Third Party Advisory
References () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2 - Exploit, Third Party Advisory () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2 - Exploit, Third Party Advisory

18 Nov 2021, 17:27

Type Values Removed Values Added
CWE CWE-20 CWE-787

16 Sep 2021, 15:45

Type Values Removed Values Added
CPE cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - Mailing List, Third Party Advisory

17 Aug 2021, 13:21

Type Values Removed Values Added
CPE cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:lite:*:*:* cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Information

Published : 2020-09-25 19:15

Updated : 2024-11-21 05:05


NVD link : CVE-2020-15210

Mitre link : CVE-2020-15210

CVE.ORG link : CVE-2020-15210


JSON object : View

Products Affected

google

  • tensorflow

opensuse

  • leap
CWE
CWE-20

Improper Input Validation

CWE-787

Out-of-bounds Write