Identifier

CVE-2020-15212

Package Slug

pypi/tensorflow-cpu

Vulnerability

Out-of-bounds Write

Description

In TensorFlow Lite, models using segment sum can trigger writes outside the bounds of heap-allocated buffers by inserting negative elements in the segment ids tensor. A user with access to segment_ids_data can alter output_index and then write outside the output_data buffer. This might result in a segmentation fault, but it can also be used to further corrupt memory and can be chained with other vulnerabilities to create more advanced exploits.
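The index validation this class of bug calls for, as an added example in simplified C (not TensorFlow Lite's source and not the upstream patch). The function name, the 2-D row layout and the num_segments parameter are assumptions; segment_ids_data, output_index and output_data follow the description above.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified segment sum (illustrative, hypothetical signature):
 * input_data is [rows x cols], segment_ids_data holds one id per row,
 * output_data is [num_segments x cols].
 * Without the range check, an id of -1 makes the inner loop write to
 * output_data[-1 * cols + j], i.e. before the start of the heap buffer.
 * Returns 0 on success, -1 if any id is outside [0, num_segments). */
int segment_sum_checked(const float *input_data, const int *segment_ids_data,
                        size_t rows, size_t cols,
                        float *output_data, int num_segments)
{
    if (num_segments < 0)
        return -1;
    /* Validate every id before touching output_data, so a rejected
     * model never leaves a partially written result behind. */
    for (size_t i = 0; i < rows; i++) {
        int output_index = segment_ids_data[i];
        if (output_index < 0 || output_index >= num_segments)
            return -1;
    }
    memset(output_data, 0, (size_t)num_segments * cols * sizeof(float));
    for (size_t i = 0; i < rows; i++) {
        size_t output_index = (size_t)segment_ids_data[i]; /* known >= 0 */
        for (size_t j = 0; j < cols; j++)
            output_data[output_index * cols + j] += input_data[i * cols + j];
    }
    return 0;
}

int main(void)
{
    /* Constructed sample input: 3 rows of 2 columns, 2 output segments. */
    const float input[6] = {1, 2, 3, 4, 5, 6};
    const int good_ids[3] = {0, 0, 1};
    const int bad_ids[3] = {0, -1, 1}; /* negative id, as in the advisory */
    float output[4];

    printf("valid ids    -> %d\n",
           segment_sum_checked(input, good_ids, 3, 2, output, 2));
    printf("negative id  -> %d\n",
           segment_sum_checked(input, bad_ids, 3, 2, output, 2));
    return 0;
}
```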

Affected Versions

All versions starting from 2.2.0 before 2.2.1, all versions starting from 2.3.0 before 2.3.1

Solution

Upgrade to versions 2.2.1, 2.3.1 or above.

Last Modified

2020-10-05
