github - ghsa-c9f3-9wfr-wgh7

ghsa-c9f3-9wfr-wgh7

Vulnerability from github

Published

2020-12-10 19:07

Modified

2024-10-28 20:02

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
2.1 (Low) - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Summary

Lack of validation in data format attributes in TensorFlow

Details

Impact

The tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC.

However, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds and even crashes.

```python

import tensorflow as tf tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='1234', dst_format='1234') ... tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='HHHH', dst_format='WWWW') ... tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format='H', dst_format='W') tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='1253') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='1223') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1224', dst_format='1423') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='1234', dst_format='432') ... tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format='12345678', dst_format='87654321') munmap_chunk(): invalid pointer Aborted ... tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]],
src_format='12345678', dst_format='87654321') ... tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]], src_format='12345678', dst_format='87654321') free(): invalid next size (fast) Aborted ```

A similar issue occurs in tf.raw_ops.DataFormatDimMap, for the same reasons:

```python

tf.raw_ops.DataFormatDimMap(x=[[1,5],[2,6],[3,7],[4,8]], src_format='1234', dst_format='8765') ```

Patches

We have patched the issue in GitHub commit ebc70b7a592420d3d2f359e4b1694c236b82c7ae and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

Since this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26267"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-10T19:05:08Z",
    "nvd_published_at": "2020-12-10T23:15:00Z",
    "severity": "LOW"
  },
  "details": "### Impact\nThe `tf.raw_ops.DataFormatVecPermute` API does not validate the `src_format` and `dst_format` attributes. [The code](https://github.com/tensorflow/tensorflow/blob/304b96815324e6a73d046df10df6626d63ac12ad/tensorflow/core/kernels/data_format_ops.cc) assumes that these two arguments define a permutation of `NHWC`.\n\nHowever, these assumptions are not checked and this can result in uninitialized memory accesses, read outside of bounds and even crashes.\n\n```python\n\u003e\u003e\u003e import tensorflow as tf\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u00271234\u0027, dst_format=\u00271234\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 757100143], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u0027HHHH\u0027, dst_format=\u0027WWWW\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,4], src_format=\u0027H\u0027, dst_format=\u0027W\u0027)\n\u003ctf.Tensor: shape=(2,), dtype=int32, numpy=array([4, 32701], dtype=int32)\u003e\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], \n                                    src_format=\u00271234\u0027, dst_format=\u00271253\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 2, 939037184, 3], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n                                    src_format=\u00271234\u0027, dst_format=\u00271223\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 32701, 2, 3], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n                                    src_format=\u00271224\u0027, dst_format=\u00271423\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([1, 4, 3, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4], src_format=\u00271234\u0027, dst_format=\u0027432\u0027)\n\u003ctf.Tensor: shape=(4,), dtype=int32, numpy=array([4, 3, 2, 32701], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[1,2,3,4],\n                                    src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\nmunmap_chunk(): invalid pointer\nAborted\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]],           \n                                    src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\n\u003ctf.Tensor: shape=(4, 2), dtype=int32, numpy=\narray([[71364624,        0],\n       [71365824,        0],\n       [     560,        0],\n       [      48,        0]], dtype=int32)\u003e\n...\n\u003e\u003e\u003e tf.raw_ops.DataFormatVecPermute(x=[[1,5],[2,6],[3,7],[4,8]], \n                                    src_format=\u002712345678\u0027, dst_format=\u002787654321\u0027)\nfree(): invalid next size (fast)\nAborted\n```\n\nA similar issue occurs in `tf.raw_ops.DataFormatDimMap`, for the same reasons:\n\n```python\n\u003e\u003e\u003e tf.raw_ops.DataFormatDimMap(x=[[1,5],[2,6],[3,7],[4,8]], src_format=\u00271234\u0027,\n\u003e\u003e\u003e dst_format=\u00278765\u0027)\n\u003ctf.Tensor: shape=(4, 2), dtype=int32, numpy=\narray([[1954047348, 1954047348],\n       [1852793646, 1852793646],\n       [1954047348, 1954047348],\n       [1852793632, 1852793632]], dtype=int32)\u003e\n```\n\n### Patches\nWe have patched the issue in GitHub commit [ebc70b7a592420d3d2f359e4b1694c236b82c7ae](https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae) and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.\n\nSince this issue also impacts TF versions before 2.4, we will patch all releases between 1.15 and 2.3 inclusive.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported by members of the Aivul Team from Qihoo 360.",
  "id": "GHSA-c9f3-9wfr-wgh7",
  "modified": "2024-10-28T20:02:35Z",
  "published": "2020-12-10T19:07:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26267"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-298.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-333.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-140.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tensorflow/tensorflow"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Lack of validation in data format attributes in TensorFlow"
}

cve-2020-26267

Vulnerability from cvelistv5

Published

2020-12-10 22:10

Modified

2024-08-04 15:56

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Summary

In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

▼	URL	Tags
	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7	x_refsource_CONFIRM
	https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

tensorflow

Version: < 1.15.5
Version: >= 2.0.0, < 2.0.4
Version: >= 2.1.0, < 2.1.3
Version: >= 2.2.0, < 2.2.2
Version: >= 2.3.0, < 2.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:04.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "tensorflow",
          "vendor": "tensorflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.15.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.1.0, \u003c 2.1.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.2.0, \u003c 2.2.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.3.0, \u003c 2.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-10T22:10:40",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
        }
      ],
      "source": {
        "advisory": "GHSA-c9f3-9wfr-wgh7",
        "discovery": "UNKNOWN"
      },
      "title": "Lack of validation in data format attributes in TensorFlow",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-26267",
          "STATE": "PUBLIC",
          "TITLE": "Lack of validation in data format attributes in TensorFlow"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "tensorflow",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 1.15.5"
                          },
                          {
                            "version_value": "\u003e= 2.0.0, \u003c 2.0.4"
                          },
                          {
                            "version_value": "\u003e= 2.1.0, \u003c 2.1.3"
                          },
                          {
                            "version_value": "\u003e= 2.2.0, \u003c 2.2.2"
                          },
                          {
                            "version_value": "\u003e= 2.3.0, \u003c 2.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "tensorflow"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7",
              "refsource": "CONFIRM",
              "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
            },
            {
              "name": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae",
              "refsource": "MISC",
              "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-c9f3-9wfr-wgh7",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26267",
    "datePublished": "2020-12-10T22:10:40",
    "dateReserved": "2020-10-01T00:00:00",
    "dateUpdated": "2024-08-04T15:56:04.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

pysec-2020-140

Vulnerability from pysec

Published

2020-12-10 23:15

Modified

2020-12-14 19:08

Details

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow",
        "purl": "pkg:pypi/tensorflow"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            },
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0rc0",
        "0.12.0rc1",
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0rc0",
        "1.1.0rc1",
        "1.1.0rc2",
        "1.1.0",
        "1.2.0rc0",
        "1.2.0rc1",
        "1.2.0rc2",
        "1.2.0",
        "1.2.1",
        "1.3.0rc0",
        "1.3.0rc1",
        "1.3.0rc2",
        "1.3.0",
        "1.4.0rc0",
        "1.4.0rc1",
        "1.4.0",
        "1.4.1",
        "1.5.0rc0",
        "1.5.0rc1",
        "1.5.0",
        "1.5.1",
        "1.6.0rc0",
        "1.6.0rc1",
        "1.6.0",
        "1.7.0rc0",
        "1.7.0rc1",
        "1.7.0",
        "1.7.1",
        "1.8.0rc0",
        "1.8.0rc1",
        "1.8.0",
        "1.9.0rc0",
        "1.9.0rc1",
        "1.9.0rc2",
        "1.9.0",
        "1.10.0rc0",
        "1.10.0rc1",
        "1.10.0",
        "1.10.1",
        "1.11.0rc0",
        "1.11.0rc1",
        "1.11.0rc2",
        "1.11.0",
        "1.12.0rc0",
        "1.12.0rc1",
        "1.12.0rc2",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.0rc0",
        "1.13.0rc1",
        "1.13.0rc2",
        "1.13.1",
        "1.13.2",
        "1.14.0rc0",
        "1.14.0rc1",
        "1.14.0",
        "1.15.0rc0",
        "1.15.0rc1",
        "1.15.0rc2",
        "1.15.0rc3",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.2.0",
        "2.2.1",
        "2.3.0",
        "2.3.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26267",
    "GHSA-c9f3-9wfr-wgh7"
  ],
  "details": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",
  "id": "PYSEC-2020-140",
  "modified": "2020-12-14T19:08:00Z",
  "published": "2020-12-10T23:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
    }
  ]
}

pysec-2020-298

Vulnerability from pysec

Published

2020-12-10 23:15

Modified

2021-12-09 06:34

Details

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-cpu",
        "purl": "pkg:pypi/tensorflow-cpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            },
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.15.0",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.2.0",
        "2.2.1",
        "2.3.0",
        "2.3.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26267",
    "GHSA-c9f3-9wfr-wgh7"
  ],
  "details": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",
  "id": "PYSEC-2020-298",
  "modified": "2021-12-09T06:34:44.408160Z",
  "published": "2020-12-10T23:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
    }
  ]
}

pysec-2020-333

Vulnerability from pysec

Published

2020-12-10 23:15

Modified

2021-12-09 06:35

Details

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "tensorflow-gpu",
        "purl": "pkg:pypi/tensorflow-gpu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
            }
          ],
          "repo": "https://github.com/tensorflow/tensorflow",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.5"
            },
            {
              "introduced": "2.0.0"
            },
            {
              "fixed": "2.0.4"
            },
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.3"
            },
            {
              "introduced": "2.2.0"
            },
            {
              "fixed": "2.2.2"
            },
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.12.0",
        "0.12.1",
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.11.0",
        "1.12.0",
        "1.12.2",
        "1.12.3",
        "1.13.1",
        "1.13.2",
        "1.14.0",
        "1.15.0",
        "1.15.2",
        "1.15.3",
        "1.15.4",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.9.0",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.0.3",
        "2.1.0",
        "2.1.1",
        "2.1.2",
        "2.2.0",
        "2.2.1",
        "2.3.0",
        "2.3.1"
      ]
    }
  ],
  "aliases": [
    "CVE-2020-26267",
    "GHSA-c9f3-9wfr-wgh7"
  ],
  "details": "In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.",
  "id": "PYSEC-2020-333",
  "modified": "2021-12-09T06:35:16.197426Z",
  "published": "2020-12-10T23:15:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

ghsa-c9f3-9wfr-wgh7

Vulnerability from github

Impact

Patches

For more information

Attribution

cve-2020-26267

Vulnerability from cvelistv5

pysec-2020-140

Vulnerability from pysec

pysec-2020-298

Vulnerability from pysec

pysec-2020-333

Vulnerability from pysec

Tags

Sightings

Nomenclature