CVE-2020-15266
Summary
| CVE | CVE-2020-15266 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-21 21:15:00 UTC |
| Updated | 2021-11-18 16:25:00 UTC |
| Description | In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Float cast overflow undefined behavior · Advisory · tensorflow/tensorflow · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| Fix segmentation fault in tf.image.crop_and_resize when boxes is inf or nan by yongtang · Pull Request #42143 · tensorflow/tensorflow · GitHub |
CONFIRM |
github.com |
Patch, Third Party Advisory |
| segfault in `tf.image.crop_and_resize` when `boxes` contains large value · Issue #42129 · tensorflow/tensorflow · GitHub |
CONFIRM |
github.com |
Exploit, Patch, Third Party Advisory |
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981459 Python (pip) Security Update for tensorflow-gpu (GHSA-xwhf-g6j5-j5gc)