CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

18 Nov 2021, 17:27

Type Values Removed Values Added
CWE CWE-20 CWE-787

16 Sep 2021, 15:45

Type Values Removed Values Added
CPE cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - Mailing List, Third Party Advisory

17 Aug 2021, 13:21

Type Values Removed Values Added
CPE cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:lite:*:*:* cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Information

Published : 2020-09-25 19:15

Updated : 2023-12-10 13:41


NVD link : CVE-2020-15210

Mitre link : CVE-2020-15210

CVE.ORG link : CVE-2020-15210


JSON object : View

Products Affected

opensuse

  • leap

google

  • tensorflow
CWE
CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation