GHSA-x5cp-9pcf-pp3h
Vulnerability from github
8.2 (High) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Impact
The RaggedCountSparseOutput
does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits
tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L241-L244
Since BatchedMap
is equivalent to a vector, it needs to have at least one element to not be nullptr
. If user passes a splits
tensor that is empty or has exactly one element, we get a SIGABRT
signal raised by the operating system.
Patches
We have patched the issue in 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and will release a patch release.
We recommend users to upgrade to TensorFlow 2.3.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability is a variant of GHSA-p5f8-gfw5-33w4
{ "affected": [ { "package": { "ecosystem": "PyPI", "name": "tensorflow" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.3.0" ] }, { "package": { "ecosystem": "PyPI", "name": "tensorflow-cpu" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.3.0" ] }, { "package": { "ecosystem": "PyPI", "name": "tensorflow-gpu" }, "ranges": [ { "events": [ { "introduced": "2.3.0" }, { "fixed": "2.3.1" } ], "type": "ECOSYSTEM" } ], "versions": [ "2.3.0" ] } ], "aliases": [ "CVE-2020-15199" ], "database_specific": { "cwe_ids": [ "CWE-20" ], "github_reviewed": true, "github_reviewed_at": "2020-09-25T16:59:30Z", "nvd_published_at": "2020-09-25T19:15:00Z", "severity": "HIGH" }, "details": "### Impact\nThe `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L241-L244\n\nSince `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system.\n\n### Patches\nWe have patched the issue in 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and will release a patch release.\n\nWe recommend users to upgrade to TensorFlow 2.3.1.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability is a variant of [GHSA-p5f8-gfw5-33w4](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4)", "id": "GHSA-x5cp-9pcf-pp3h", "modified": "2024-10-28T14:51:46Z", "published": "2020-09-25T18:28:24Z", "references": [ { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15199" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-279.yaml" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-314.yaml" }, { "type": "WEB", "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-122.yaml" }, { "type": "PACKAGE", "url": "https://github.com/tensorflow/tensorflow" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "Denial of Service in Tensorflow" }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.