CVE-2020-15207

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-15207

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15207.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15207

Aliases

Downstream

openSUSE-SU-2020:1766-1

openSUSE-SU-2024:12116-1

Related

Published

2020-09-25T19:15:15.993Z

Modified

2026-02-15T00:45:35.863462Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses ResolveAxis to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the DCHECK does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2d88f470dea2671b430884260f3626b1fe99830a

Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fcc4b966f1265f466e82617020af93670141b009

Introduced

2b96f3662bd776e277f86997659e61046b56c315

Fixed

25fba035f3e453d94490932096282c7b0624bbb3

Introduced

64c3d382cadf7bbe8e7e99884bede8284ff67f56

Fixed

295ad2781683835be974faba0a191528d8079768

Introduced

b36436b087bd8e8701ef51718179037cccdfc26e

Fixed

fcc4b966f1265f466e82617020af93670141b009

Introduced

e5bf8de410005de06a7ff5393fafdf832ef1d4ad

Fixed

ab35f2bf7132f9d20a0bea9a5d1849862737d4b4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15207.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
        "digest": {
            "line_hashes": [
                "77400558600300484339504560001090688161",
                "33976402485292289763336288128448202154",
                "291082537597196898762740008073072151215",
                "203358920214184468189409333592589225902"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2020-15207-4f9cd49a",
        "deprecated": false,
        "target": {
            "file": "tensorflow/lite/kernels/internal/reference/reduce.h"
        }
    },
    {
        "signature_type": "Function",
        "signature_version": "v1",
        "source": "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
        "digest": {
            "function_hash": "307496285844794787636736706317161422188",
            "length": 531.0
        },
        "id": "CVE-2020-15207-ee3e9c67",
        "deprecated": false,
        "target": {
            "file": "tensorflow/lite/kernels/internal/reference/reduce.h",
            "function": "ResolveAxis"
        }
    }
]