CVE-2020-15201

Public Exploit

Heap buffer overflow in Tensorflow

Description

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

References

Link	Tags
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1	third party advisory
https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02	third party advisory patch
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4	third party advisory exploit

Frequently Asked Questions

What is the severity of CVE-2020-15201?: CVE-2020-15201 has been scored as a medium severity vulnerability.
How to fix CVE-2020-15201?: To fix CVE-2020-15201, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2020-15201 being actively exploited in the wild?: It is possible that CVE-2020-15201 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-15201?: CVE-2020-15201 affects tensorflow tensorflow.

Description

Categories

CWE-20 – Improper Input Validation

CWE-787 – Out-of-bounds Write

References

Frequently Asked Questions