CVE-2020-5215 – tensorflow-cpu

Package

Manager: pip
Name: tensorflow-cpu
Vulnerable Version: >=0 <1.15.2 || =2.0.0 || >=2.0.0 <2.0.1

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

EPSS: 0.0025 pctl0.48067

Details

Segmentation faultin TensorFlow when converting a Python string to `tf.float16` ### Impact Converting a string (from Python) to a `tf.float16` value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a `tf.float16` value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar `tf.float16` value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by `tf.constant("hello", tf.float16)`, if eager execution is enabled. ### Patches We have patched the vulnerability in GitHub commit [5ac1b9](https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf). We are additionally releasing TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. We encourage users to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0. ### For more information Please consult [`SECURITY.md`](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

Metadata

Created: 2020-01-28T21:32:29Z
Modified: 2024-10-30T21:27:16Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/01/GHSA-977j-xj7q-2jr9/GHSA-977j-xj7q-2jr9.json
CWE IDs: ["CWE-754"]
Alternative ID: GHSA-977j-xj7q-2jr9
Finding: F002
Auto approve: 1