Vulnerability-Lookup

CVE-2020-5215 (GCVE-0-2020-5215)

Vulnerability from cvelistv5 – Published: 2020-01-28 21:20 – Updated: 2024-08-04 08:22

Title

Segmentation faultin TensorFlow when converting a Python string to tf.float16

Summary

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.

Severity ?

5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Assigner

GitHub_M

References

URL

Tags

	https://github.com/tensorflow/tensorflow/security…	x_refsource_CONFIRM
	https://github.com/tensorflow/tensorflow/commit/5…	x_refsource_MISC
	https://github.com/tensorflow/tensorflow/releases…	x_refsource_MISC
	https://github.com/tensorflow/tensorflow/releases…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	TensorFlow	TensorFlow	Affected: < 1.15.2 Affected: = 2.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.071Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "TensorFlow",
          "vendor": "TensorFlow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.2"
            },
            {
              "status": "affected",
              "version": "= 2.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-28T21:20:15",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
        }
      ],
      "source": {
        "advisory": "GHSA-977j-xj7q-2jr9",
        "discovery": "UNKNOWN"
      },
      "title": "Segmentation faultin TensorFlow when converting a Python string to tf.float16",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5215",
          "STATE": "PUBLIC",
          "TITLE": "Segmentation faultin TensorFlow when converting a Python string to tf.float16"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "TensorFlow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.2"
                          },
                          {
                            "version_value": "= 2.0.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "TensorFlow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-977j-xj7q-2jr9",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5215",
    "datePublished": "2020-01-28T21:20:15",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.071Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.15.2\", \"matchCriteriaId\": \"A06443A2-7C96-4B0D-A014-3CE4692A5818\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"2.0.0\", \"versionEndExcluding\": \"2.0.1\", \"matchCriteriaId\": \"0E24E496-9BD4-43D3-80F9-9619815BAD03\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\\\"hello\\\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.\"}, {\"lang\": \"es\", \"value\": \"En TensorFlow versiones anteriores a 1.15.2 y 2.0.1, la conversi\\u00f3n de una cadena (de Python) a un valor tf.float16 resulta en un fallo de segmentaci\\u00f3n en modo eager, ya que las comprobaciones de formato para este caso de uso solo est\\u00e1n en el modo graph. Este problema puede conllevar a una denegaci\\u00f3n de servicio en inference/training, donde un atacante malicioso puede enviar un punto de datos que contiene una cadena en lugar de un valor tf.float16. Efectos similares pueden ser obtenidos mediante la manipulaci\\u00f3n de modelos guardados y puntos de control por los cuales se reemplaza un valor escalar tf.float16 por una cadena escalar, este problema se desencadenar\\u00e1 debido a las conversiones autom\\u00e1ticas. Esto puede ser reproducido f\\u00e1cilmente mediante tf.constant(\\\"hello\\\", tf.float16), si una ejecuci\\u00f3n eager es habilitada. Este problema es parcheado en TensorFlow versiones 1.15.1 y 2.0.1 con esta vulnerabilidad parcheada. TensorFlow versi\\u00f3n 2.1.0 fue publicada despu\\u00e9s de que corregimos el problema, por lo que no est\\u00e1 afectado. Se incentiva a los usuarios a cambiar a TensorFlow versiones 1.15.1, 2.0.1 o 2.1.0.\"}]",
      "id": "CVE-2020-5215",
      "lastModified": "2024-11-21T05:33:41.743",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\", \"baseScore\": 5.0, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.8, \"impactScore\": 3.7}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-01-28T22:15:11.090",
      "references": "[{\"url\": \"https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-5215\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2020-01-28T22:15:11.090\",\"lastModified\":\"2024-11-21T05:33:41.743\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\\\"hello\\\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.\"},{\"lang\":\"es\",\"value\":\"En TensorFlow versiones anteriores a 1.15.2 y 2.0.1, la conversi\u00f3n de una cadena (de Python) a un valor tf.float16 resulta en un fallo de segmentaci\u00f3n en modo eager, ya que las comprobaciones de formato para este caso de uso solo est\u00e1n en el modo graph. Este problema puede conllevar a una denegaci\u00f3n de servicio en inference/training, donde un atacante malicioso puede enviar un punto de datos que contiene una cadena en lugar de un valor tf.float16. Efectos similares pueden ser obtenidos mediante la manipulaci\u00f3n de modelos guardados y puntos de control por los cuales se reemplaza un valor escalar tf.float16 por una cadena escalar, este problema se desencadenar\u00e1 debido a las conversiones autom\u00e1ticas. Esto puede ser reproducido f\u00e1cilmente mediante tf.constant(\\\"hello\\\", tf.float16), si una ejecuci\u00f3n eager es habilitada. Este problema es parcheado en TensorFlow versiones 1.15.1 y 2.0.1 con esta vulnerabilidad parcheada. TensorFlow versi\u00f3n 2.1.0 fue publicada despu\u00e9s de que corregimos el problema, por lo que no est\u00e1 afectado. Se incentiva a los usuarios a cambiar a TensorFlow versiones 1.15.1, 2.0.1 o 2.1.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L\",\"baseScore\":5.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":3.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.15.2\",\"matchCriteriaId\":\"A06443A2-7C96-4B0D-A014-3CE4692A5818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.0.0\",\"versionEndExcluding\":\"2.0.1\",\"matchCriteriaId\":\"0E24E496-9BD4-43D3-80F9-9619815BAD03\"}]}]}],\"references\":[{\"url\":\"https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

GSD-2020-5215

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-5215

Aliases

CVE-2020-5215

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-5215",
    "description": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
    "id": "GSD-2020-5215"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-5215"
      ],
      "details": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
      "id": "GSD-2020-5215",
      "modified": "2023-12-13T01:22:03.896802Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-5215",
        "STATE": "PUBLIC",
        "TITLE": "Segmentation faultin TensorFlow when converting a Python string to tf.float16"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "TensorFlow",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003c 1.15.2"
                        },
                        {
                          "version_value": "= 2.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "TensorFlow"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-754 Improper Check for Unusual or Exceptional Conditions"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
            "refsource": "CONFIRM",
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
          },
          {
            "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
            "refsource": "MISC",
            "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-977j-xj7q-2jr9",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003c1.15.2||==2.0.0",
          "affected_versions": "All versions before 1.15.2, version 2.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2021-01-08",
          "description": "In TensorFlow before 1.15.2 and 2.0.1, converting a string to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant, if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
          "fixed_versions": [
            "1.15.2",
            "2.0.1"
          ],
          "identifier": "CVE-2020-5215",
          "identifiers": [
            "GHSA-977j-xj7q-2jr9",
            "CVE-2020-5215"
          ],
          "not_impacted": "All versions starting from 1.15.2 before 2.0.0, all versions after 2.0.0",
          "package_slug": "pypi/tensorflow-cpu",
          "pubdate": "2020-01-28",
          "solution": "Upgrade to versions 1.15.2, 2.0.1 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
            "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
            "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5215",
            "https://github.com/advisories/GHSA-977j-xj7q-2jr9"
          ],
          "uuid": "cb9df8ba-6dad-4a96-a5e6-c0639b47e6d5"
        },
        {
          "affected_range": "\u003c1.15.2||==2.0.0",
          "affected_versions": "All versions before 1.15.2, version 2.0.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2021-01-08",
          "description": "In TensorFlow before 1.15.2 and 2.0.1, converting a string to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant, if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
          "fixed_versions": [
            "1.15.2",
            "2.0.1"
          ],
          "identifier": "CVE-2020-5215",
          "identifiers": [
            "GHSA-977j-xj7q-2jr9",
            "CVE-2020-5215"
          ],
          "not_impacted": "All versions starting from 1.15.2 before 2.0.0, all versions after 2.0.0",
          "package_slug": "pypi/tensorflow-gpu",
          "pubdate": "2020-01-28",
          "solution": "Upgrade to versions 1.15.2, 2.0.1 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
            "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
            "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
            "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5215",
            "https://github.com/advisories/GHSA-977j-xj7q-2jr9"
          ],
          "uuid": "88e0ea00-da28-4063-aab7-a48008f2c927"
        },
        {
          "affected_range": "\u003c1.15.2||\u003e=2.0.0,\u003c2.0.1",
          "affected_versions": "All versions before 1.15.2, all versions starting from 2.0.0 before 2.0.1",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-20",
            "CWE-937"
          ],
          "date": "2020-02-05",
          "description": "In TensorFlow converting a string (from Python) to a `tf.float16` value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by `tf.constant(\"hello\", tf.float16)`, if eager execution is enabled.",
          "fixed_versions": [
            "1.15.2",
            "2.0.1"
          ],
          "identifier": "CVE-2020-5215",
          "identifiers": [
            "CVE-2020-5215",
            "GHSA-977j-xj7q-2jr9"
          ],
          "not_impacted": "All versions starting from 1.15.2 before 2.0.0, all versions starting from 2.0.1",
          "package_slug": "pypi/tensorflow",
          "pubdate": "2020-01-28",
          "solution": "Upgrade to versions 1.15.2, 2.0.1 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-5215"
          ],
          "uuid": "595e5f7b-73de-4efe-9cd9-8daab1f9c986"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.15.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.1",
                "versionStartIncluding": "2.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5215"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-02-05T21:02Z",
      "publishedDate": "2020-01-28T22:15Z"
    }
  }
}

CNVD-2020-04913

Vulnerability from cnvd - Published: 2020-02-13

Title

Google TensorFlow代码问题漏洞

Description

TensorFlow是一套用于机器学习的端到端开源平台。 Google TensorFlow中存在代码问题漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

Google TensorFlow代码问题漏洞的补丁

Patch Description

TensorFlow是一套用于机器学习的端到端开源平台。 Google TensorFlow中存在代码问题漏洞。该漏洞源于网络系统或产品未对输入的数据进行正确的验证。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9

Reference

https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf

Impacted products

Name
Google Google TensorFlow

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-5215",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-5215"
    }
  },
  "description": "TensorFlow\u662f\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\n\nGoogle TensorFlow\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04913",
  "openTime": "2020-02-13",
  "patchDescription": "TensorFlow\u662f\u4e00\u5957\u7528\u4e8e\u673a\u5668\u5b66\u4e60\u7684\u7aef\u5230\u7aef\u5f00\u6e90\u5e73\u53f0\u3002\r\n\r\nGoogle TensorFlow\u4e2d\u5b58\u5728\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u5bf9\u8f93\u5165\u7684\u6570\u636e\u8fdb\u884c\u6b63\u786e\u7684\u9a8c\u8bc1\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google TensorFlow\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Google TensorFlow"
  },
  "referenceLink": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
  "serverity": "\u9ad8",
  "submitTime": "2020-02-12",
  "title": "Google TensorFlow\u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e"
}

PYSEC-2020-303

Vulnerability from pysec - Published: 2020-01-28 22:15 - Updated: 2021-12-09 06:34

Details

Impacted products

Name	purl
tensorflow-cpu	pkg:pypi/tensorflow-cpu

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu",
        "purl": "pkg:pypi/tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.15.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5215",
    "GHSA-977j-xj7q-2jr9"
  ],
  "details": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
  "id": "PYSEC-2020-303",
  "modified": "2021-12-09T06:34:45.123200Z",
  "published": "2020-01-28T22:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    }
  ]
}

PYSEC-2020-338

Vulnerability from pysec - Published: 2020-01-28 22:15 - Updated: 2021-12-09 06:35

Details

Impacted products

Name	purl
tensorflow-gpu	pkg:pypi/tensorflow-gpu

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu",
        "purl": "pkg:pypi/tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5215",
    "GHSA-977j-xj7q-2jr9"
  ],
  "details": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
  "id": "PYSEC-2020-338",
  "modified": "2021-12-09T06:35:16.944663Z",
  "published": "2020-01-28T22:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    }
  ]
}

PYSEC-2020-258

Vulnerability from pysec - Published: 2020-01-28 22:15 - Updated: 2021-08-27 03:22

Details

Impacted products

Name	purl
tensorflow	pkg:pypi/tensorflow

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow",
        "purl": "pkg:pypi/tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.0rc0",
        "0.12.0rc1",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.1.0rc0",
        "1.1.0rc1",
        "1.1.0rc2",
        "1.10.0",
        "1.10.0rc0",
        "1.10.0rc1",
        "1.10.1",
        "1.11.0",
        "1.11.0rc0",
        "1.11.0rc1",
        "1.11.0rc2",
        "1.12.0",
        "1.12.0rc0",
        "1.12.0rc1",
        "1.12.0rc2",
        "1.12.2",
        "1.12.3",
        "1.13.0rc0",
        "1.13.0rc1",
        "1.13.0rc2",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.14.0rc0",
        "1.14.0rc1",
        "1.15.0",
        "1.15.0rc0",
        "1.15.0rc1",
        "1.15.0rc2",
        "1.15.0rc3",
        "1.2.0",
        "1.2.0rc0",
        "1.2.0rc1",
        "1.2.0rc2",
        "1.2.1",
        "1.3.0",
        "1.3.0rc0",
        "1.3.0rc1",
        "1.3.0rc2",
        "1.4.0",
        "1.4.0rc0",
        "1.4.0rc1",
        "1.4.1",
        "1.5.0",
        "1.5.0rc0",
        "1.5.0rc1",
        "1.5.1",
        "1.6.0",
        "1.6.0rc0",
        "1.6.0rc1",
        "1.7.0",
        "1.7.0rc0",
        "1.7.0rc1",
        "1.7.1",
        "1.8.0",
        "1.8.0rc0",
        "1.8.0rc1",
        "1.9.0",
        "1.9.0rc0",
        "1.9.0rc1",
        "1.9.0rc2",
        "2.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5215",
    "GHSA-977j-xj7q-2jr9"
  ],
  "details": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.",
  "id": "PYSEC-2020-258",
  "modified": "2021-08-27T03:22:23.423115Z",
  "published": "2020-01-28T22:15:00Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    }
  ]
}

FKIE_CVE-2020-5215

Vulnerability from fkie_nvd - Published: 2020-01-28 22:15 - Updated: 2024-11-21 05:33

Severity ?

5.0 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf	Patch
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2	Release Notes
security-advisories@github.com	https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1	Release Notes
security-advisories@github.com	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9	Exploit, Patch, Third Party Advisory

Impacted products

	Vendor	Product	Version
	google	tensorflow	*
	google	tensorflow	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06443A2-7C96-4B0D-A014-3CE4692A5818",
              "versionEndExcluding": "1.15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E24E496-9BD4-43D3-80F9-9619815BAD03",
              "versionEndExcluding": "2.0.1",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant(\"hello\", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0."
    },
    {
      "lang": "es",
      "value": "En TensorFlow versiones anteriores a 1.15.2 y 2.0.1, la conversi\u00f3n de una cadena (de Python) a un valor tf.float16 resulta en un fallo de segmentaci\u00f3n en modo eager, ya que las comprobaciones de formato para este caso de uso solo est\u00e1n en el modo graph. Este problema puede conllevar a una denegaci\u00f3n de servicio en inference/training, donde un atacante malicioso puede enviar un punto de datos que contiene una cadena en lugar de un valor tf.float16. Efectos similares pueden ser obtenidos mediante la manipulaci\u00f3n de modelos guardados y puntos de control por los cuales se reemplaza un valor escalar tf.float16 por una cadena escalar, este problema se desencadenar\u00e1 debido a las conversiones autom\u00e1ticas. Esto puede ser reproducido f\u00e1cilmente mediante tf.constant(\"hello\", tf.float16), si una ejecuci\u00f3n eager es habilitada. Este problema es parcheado en TensorFlow versiones 1.15.1 y 2.0.1 con esta vulnerabilidad parcheada. TensorFlow versi\u00f3n 2.1.0 fue publicada despu\u00e9s de que corregimos el problema, por lo que no est\u00e1 afectado. Se incentiva a los usuarios a cambiar a TensorFlow versiones 1.15.1, 2.0.1 o 2.1.0."
    }
  ],
  "id": "CVE-2020-5215",
  "lastModified": "2024-11-21T05:33:41.743",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-28T22:15:11.090",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-977J-XJ7Q-2JR9

Vulnerability from github – Published: 2020-01-28 21:32 – Updated: 2024-10-30 21:27

Summary

Segmentation faultin TensorFlow when converting a Python string to `tf.float16`

Details

Impact

Converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode.

This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value.

Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions.

This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled.

Patches

We have patched the vulnerability in GitHub commit 5ac1b9.

We are additionally releasing TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched.

TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected.

We encourage users to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.

For more information

Please consult SECURITY.md for more information regarding the security model and how to contact us with issues and questions.

Severity ?

5.0 (Medium)


                  
                    CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

1.0 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.0.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-5215"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-01-28T21:24:08Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\n\nConverting a string (from Python) to a `tf.float16` value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode.\n\nThis issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a `tf.float16` value.\n\nSimilar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar `tf.float16` value with a scalar string will trigger this issue due to automatic conversions.\n\nThis can be easily reproduced by `tf.constant(\"hello\", tf.float16)`, if eager execution is enabled.\n\n### Patches\nWe have patched the vulnerability in GitHub commit [5ac1b9](https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf).\n\nWe are additionally releasing TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched.\n\nTensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected.\n\nWe encourage users to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.\n\n### For more information\n\nPlease consult [`SECURITY.md`](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.",
  "id": "GHSA-977j-xj7q-2jr9",
  "modified": "2024-10-30T21:27:16Z",
  "published": "2020-01-28T21:32:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-5215"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-303.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-338.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-258.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Segmentation faultin TensorFlow when converting a Python string to `tf.float16`"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-5215 (GCVE-0-2020-5215)

GSD-2020-5215

CNVD-2020-04913

PYSEC-2020-303

PYSEC-2020-338

PYSEC-2020-258

FKIE_CVE-2020-5215

GHSA-977J-XJ7Q-2JR9

Impact

Patches

For more information

Tags

Sightings

Nomenclature