CVE-2020-15212: Out-of-bounds Write
(updated )
In TensorFlow Lite, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to segment_ids_data
can alter output_index
and then write to outside output_data
buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits.
References
Detect and mitigate CVE-2020-15212 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →