Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1Y3AtOXBjZi1wcDNo

High CVSS: 8.2 EPSS: 0.00239% (0.46963 Percentile) EPSS:
Permalink JSON

Denial of Service in Tensorflow

Affected Packages Affected Versions Fixed Versions
pypi:tensorflow-gpu
PURL: pkg:pypi/tensorflow-gpu
= 2.3.0 2.3.1
155 Dependent packages
11,499 Dependent repositories
105,872 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

0.12.0, 0.12.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.12.2, 1.12.3, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.0rc0, 2.7.0rc1, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.0rc0, 2.8.0rc1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.0rc0, 2.9.0rc1, 2.9.0rc2, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.0rc0, 2.10.0rc1, 2.10.0rc2, 2.10.0rc3, 2.10.1, 2.11.0, 2.11.0rc0, 2.11.0rc1, 2.11.0rc2, 2.12.0
pypi:tensorflow-cpu
PURL: pkg:pypi/tensorflow-cpu
= 2.3.0 2.3.1
88 Dependent packages
2,483 Dependent repositories
1,080,245 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

1.15.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.0rc0, 2.7.0rc1, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.0rc0, 2.8.0rc1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.0rc0, 2.9.0rc1, 2.9.0rc2, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.0rc0, 2.10.0rc1, 2.10.0rc2, 2.10.0rc3, 2.10.1, 2.11.0, 2.11.0rc0, 2.11.0rc1, 2.11.0rc2, 2.11.1, 2.12.0, 2.12.0rc0, 2.12.0rc1, 2.12.1, 2.13.0, 2.13.0rc0, 2.13.0rc1, 2.13.0rc2, 2.13.1, 2.14.0, 2.14.0rc0, 2.14.0rc1, 2.14.1, 2.15.0, 2.15.0rc0, 2.15.0rc1, 2.15.1, 2.16.0rc0, 2.16.1, 2.16.2, 2.17.0, 2.17.0rc0, 2.17.0rc1, 2.17.1, 2.18.0, 2.18.0rc0, 2.18.0rc1, 2.18.0rc2, 2.18.1, 2.19.0, 2.19.0rc0, 2.19.1, 2.20.0, 2.20.0rc0
pypi:tensorflow
PURL: pkg:pypi/tensorflow
= 2.3.0 2.3.1
2,172 Dependent packages
73,755 Dependent repositories
21,825,433 Downloads last month

Affected Version Ranges

All affected versions

All unaffected versions

0.12.0, 0.12.1, 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.5.0, 1.5.1, 1.6.0, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.10.0, 1.10.1, 1.11.0, 1.12.0, 1.12.2, 1.12.3, 1.13.1, 1.13.2, 1.14.0, 1.15.0, 1.15.2, 1.15.3, 1.15.4, 1.15.5, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.2.0, 2.2.0rc0, 2.2.0rc1, 2.2.0rc2, 2.2.0rc3, 2.2.0rc4, 2.2.1, 2.2.2, 2.2.3, 2.3.0, 2.3.0rc0, 2.3.0rc1, 2.3.0rc2, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.4.0, 2.4.0rc0, 2.4.0rc1, 2.4.0rc2, 2.4.0rc3, 2.4.0rc4, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.5.0, 2.5.0rc0, 2.5.0rc1, 2.5.0rc2, 2.5.0rc3, 2.5.1, 2.5.2, 2.5.3, 2.6.0, 2.6.0rc0, 2.6.0rc1, 2.6.0rc2, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.7.0, 2.7.0rc0, 2.7.0rc1, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.8.0, 2.8.0rc0, 2.8.0rc1, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.9.0, 2.9.0rc0, 2.9.0rc1, 2.9.0rc2, 2.9.1, 2.9.2, 2.9.3, 2.10.0, 2.10.0rc0, 2.10.0rc1, 2.10.0rc2, 2.10.0rc3, 2.10.1, 2.11.0, 2.11.0rc0, 2.11.0rc1, 2.11.0rc2, 2.11.1, 2.12.0, 2.12.0rc0, 2.12.0rc1, 2.12.1, 2.13.0, 2.13.0rc0, 2.13.0rc1, 2.13.0rc2, 2.13.1, 2.14.0, 2.14.0rc0, 2.14.0rc1, 2.14.1, 2.15.0, 2.15.0rc0, 2.15.0rc1, 2.15.1, 2.16.0rc0, 2.16.1, 2.16.2, 2.17.0, 2.17.0rc0, 2.17.0rc1, 2.17.1, 2.18.0, 2.18.0rc0, 2.18.0rc1, 2.18.0rc2, 2.18.1, 2.19.0, 2.19.0rc0, 2.19.1, 2.20.0rc0

Impact

The RaggedCountSparseOutput does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the splits tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure:
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L241-L244

Since BatchedMap is equivalent to a vector, it needs to have at least one element to not be nullptr. If user passes a splits tensor that is empty or has exactly one element, we get a SIGABRT signal raised by the operating system.

Patches

We have patched the issue in 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and will release a patch release.

We recommend users to upgrade to TensorFlow 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability is a variant of GHSA-p5f8-gfw5-33w4

References:

Identifiers

GHSA-x5cp-9pcf-pp3h

CVE-2020-15199

Risk

Severity

High

CVSS

CVSS Score: 8.2

CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS

EPSS Percentage: 0.00239

EPSS Percentile: 0.46963

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/tensorflow/tensorflow

Date and time

Published

about 5 years ago

Updated

about 1 year ago

API

JSON