CVE-2020-15199

Public Exploit

Denial of Service in Tensorflow

Description

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

References

Link	Tags
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	third party advisory
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02	third party advisory patch
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2020-15199?: CVE-2020-15199 has been scored as a medium severity vulnerability.
How to fix CVE-2020-15199?: To fix CVE-2020-15199, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-15199 being actively exploited in the wild?: It is possible that CVE-2020-15199 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-15199?: CVE-2020-15199 affects tensorflow tensorflow.

Description

Category

CWE-20 – Improper Input Validation

References

Frequently Asked Questions