CVE-2020-15210 MEDIUM

CVE-2020-15210: Segmentation fault in tensorflow-lite

Vendor Tensorflow
Product tensorflow
Weakness CWE-20 · Input validation
Published September 25, 2020
Last update August 4, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Key dates

02Disclosure timeline

September 25, 2020 CVE published
August 4, 2024 Record updated