PYSEC-2020-128

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow/PYSEC-2020-128.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-128
Aliases
Published
2020-09-25T19:15:00Z
Modified
2023-12-06T01:00:16.942992Z
Summary
[none]
Details

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after ee ff are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

References

Affected packages

PyPI / tensorflow

Package

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.15.4
Introduced
2.0.0
Fixed
2.0.3
Introduced
2.1.0
Fixed
2.1.2
Introduced
2.2.0
Fixed
2.2.1
Introduced
2.3.0
Fixed
2.3.1

Affected versions

0.*

0.12.0rc0
0.12.0rc1
0.12.0
0.12.1

1.*

1.0.0
1.0.1
1.1.0rc0
1.1.0rc1
1.1.0rc2
1.1.0
1.2.0rc0
1.2.0rc1
1.2.0rc2
1.2.0
1.2.1
1.3.0rc0
1.3.0rc1
1.3.0rc2
1.3.0
1.4.0rc0
1.4.0rc1
1.4.0
1.4.1
1.5.0rc0
1.5.0rc1
1.5.0
1.5.1
1.6.0rc0
1.6.0rc1
1.6.0
1.7.0rc0
1.7.0rc1
1.7.0
1.7.1
1.8.0rc0
1.8.0rc1
1.8.0
1.9.0rc0
1.9.0rc1
1.9.0rc2
1.9.0
1.10.0rc0
1.10.0rc1
1.10.0
1.10.1
1.11.0rc0
1.11.0rc1
1.11.0rc2
1.11.0
1.12.0rc0
1.12.0rc1
1.12.0rc2
1.12.0
1.12.2
1.12.3
1.13.0rc0
1.13.0rc1
1.13.0rc2
1.13.1
1.13.2
1.14.0rc0
1.14.0rc1
1.14.0
1.15.0rc0
1.15.0rc1
1.15.0rc2
1.15.0rc3
1.15.0
1.15.2
1.15.3

2.*

2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.2.0
2.3.0