CVE-2020-15196

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

CVSS v3 9.9 CRITICAL
CVSS v2.0 6.5 MEDIUM

9.9^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.1 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02	Patch Third Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:tensorflow:2.3.0:*:*:*:-:*:*:*

History

18 Nov 2021, 17:21

Type	Values Removed	Values Added
CWE	CWE-119 CWE-122	CWE-125

17 Aug 2021, 13:21

Type	Values Removed	Values Added
CPE	cpe:2.3:a:tensorflow:tensorflow:2.3.0::::-:::	cpe:2.3:a:google:tensorflow:2.3.0::::-:::

Information

Published : 2020-09-25 19:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-15196

Mitre link : CVE-2020-15196

CVE.ORG link : CVE-2020-15196

JSON object : View

Products Affected

google

tensorflow

CWE

CWE-125

Out-of-bounds Read

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122

Heap-based Buffer Overflow

{"id": "CVE-2020-15196", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}]}, "published": "2020-09-25T19:15:14.870", "references": [{"url": "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1."}, {"lang": "es", "value": "En Tensorflow versi\u00f3n 2.3.0, las implementaciones de \"SparseCountSparseOutput\" y \"RaggedCountSparseOutput\" no comprueban que el tensor \"weights\" tenga la misma forma que los datos. La comprobaci\u00f3n existe para \"DenseCountSparseOutput\", donde ambos tensores est\u00e1n completamente especificados. En el recuento escaso y desigual, todav\u00eda se accede a los pesos en paralelo con los datos. Pero, dado que no existe comprobaci\u00f3n, un usuario que pase menos pesos que valores para los tensores puede generar una lectura desde fuera de los l\u00edmites del b\u00fafer de pila asignado para los pesos. El problema es parcheado en el commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 y es publicado en TensorFlow versi\u00f3n 2.3.1"}], "lastModified": "2021-11-18T17:21:15.080", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:2.3.0:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "D0A7B69E-9388-48F0-B744-49453EBAF5D5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}