CVE-2020-15210
Summary
| CVE | CVE-2020-15210 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-09-25 19:15:00 UTC |
| Updated | 2021-11-18 17:27:00 UTC |
| Description | In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Segmentation fault and/or data corruption due to invalid TFLite model · Advisory · tensorflow/tensorflow · GitHub |
CONFIRM |
github.com |
Exploit, Third Party Advisory |
| Release TensorFlow 2.3.1 · tensorflow/tensorflow · GitHub |
MISC |
github.com |
Third Party Advisory |
| [security-announce] openSUSE-SU-2020:1766-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| [tflite] Ensure inputs and outputs don't overlap. · tensorflow/tensorflow@d58c969 · GitHub |
MISC |
github.com |
Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 980058 Python (pip) Security Update for tensorflow (GHSA-x9j7-x98r-r4w2)