CVE-2020-15210

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*
cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

History

18 Nov 2021, 17:27

Type Values Removed Values Added
CWE CWE-20 CWE-787

16 Sep 2021, 15:45

Type Values Removed Values Added
CPE cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html - Mailing List, Third Party Advisory

17 Aug 2021, 13:21

Type Values Removed Values Added
CPE cpe:2.3:a:tensorflow:tensorflow:*:*:*:*:lite:*:*:* cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*

Information

Published : 2020-09-25 19:15

Updated : 2021-11-18 17:27


NVD link : CVE-2020-15210

Mitre link : CVE-2020-15210


JSON object : View

Products Affected

google

  • tensorflow

opensuse

  • leap
CWE
CWE-787

Out-of-bounds Write