CVE-2020-26269: TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
The general implementation for matching filesystem paths to a globbing pattern is vulnerable to an out-of-bounds access of the array holding the directories:
if (!fs->Match(child_path, dirs[dir_index])) { ... }
Since dir_index is unconditionally incremented outside of the lambda function where the vulnerable pattern occurs, this results in an out-of-bounds access under certain scenarios. For example, if /tmp/x is a directory that contains only a single file y, then the following scenario will cause a crash due to the out-of-bounds read:
>>> tf.io.gfile.glob('/tmp/x/')
Segmentation fault
There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these.
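An added example, not TensorFlow's code, that models the descent the advisory describes: the number of directory levels and the number of pattern components are computed separately, so a trailing '/' makes the loop want to read dirs[dir_index] past the end of dirs, and an explicit check rejects the pattern instead of reading out of bounds. The in-memory filesystem (/tmp/x holding one file y), SampleFs, Glob, SplitComponents and Match are all constructed for this example.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Constructed in-memory filesystem (directory path -> child names); a model of the
// descent the advisory describes, not TensorFlow's GetMatchingPaths.
using Fs = std::map<std::string, std::vector<std::string>>;
struct GlobResult { bool ok; std::vector<std::string> paths; };
// The advisory's scenario: /tmp/x is a directory holding the single file y.
Fs SampleFs() { return {{"", {"tmp"}}, {"/tmp", {"x"}}, {"/tmp/x", {"y"}}}; }

// Splits on '/' and drops empty components, so "/tmp/x/" becomes {"tmp", "x"}.
std::vector<std::string> SplitComponents(const std::string& pattern) {
  std::vector<std::string> dirs;
  std::string cur;
  for (char c : pattern) {
    if (c == '/') { if (!cur.empty()) dirs.push_back(cur); cur.clear(); }
    else cur += c;
  }
  if (!cur.empty()) dirs.push_back(cur);
  return dirs;
}

// Minimal component matcher: "*" matches any name, anything else must match literally.
bool Match(const std::string& name, const std::string& component) {
  return component == "*" || name == component;
}

// Expands `pattern` one directory level per '/' in it. Levels and components are
// computed separately, so a trailing '/' yields more levels than components and the
// loop would read dirs[dir_index] past the end; the check rejects the pattern instead.
GlobResult Glob(const Fs& fs, const std::string& pattern) {
  const std::vector<std::string> dirs = SplitComponents(pattern);
  size_t levels = 0;
  for (char c : pattern) levels += (c == '/');
  std::vector<std::string> current = {""};  // "" is the root; its children are "/name"
  size_t dir_index = 0;
  for (size_t level = 0; level < levels; ++level, ++dir_index) {  // unconditional increment
    if (dir_index >= dirs.size()) return {false, {}};  // the bounds check that was missing
    std::vector<std::string> next;
    for (const std::string& dir : current) {
      auto it = fs.find(dir);
      if (it == fs.end()) continue;  // a file, nothing to expand
      for (const std::string& child : it->second)
        if (Match(child, dirs[dir_index])) next.push_back(dir + "/" + child);
    }
    current = next;
  }
  return {true, current};
}
```

The trailing-slash pattern from the advisory is rejected with ok == false, while "/tmp/x" and "/tmp/x/*" expand normally.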
References
- github.com/advisories/GHSA-9jjw-hf72-3mxw
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-300.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-335.yaml
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-141.yaml
- github.com/tensorflow/tensorflow
- github.com/tensorflow/tensorflow/blob/458c6260265c46ebaf18052d6c61aea4b6b40926/tensorflow/core/platform/file_system_helper.cc
- github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c
- github.com/tensorflow/tensorflow/pull/40861
- github.com/tensorflow/tensorflow/pull/44310
- github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw
- nvd.nist.gov/vuln/detail/CVE-2020-26269