CVE-2020-15194

{"id": "CVE-2020-15194", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2020-09-25T19:15:14.683", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-617"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\""}, {"lang": "es", "value": "En Tensorflow versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, la implementaci\u00f3n de \"SparseFillEmptyRowsGrad\" presenta una comprobaci\u00f3n incompleta de las formas de sus argumentos. Aunque se accede a \"reverse_index_map_t\" y \"grad_values_t\" con un patr\u00f3n similar, solo \"reverse_index_map_t\" se comprueba que tenga la forma adecuada. Por lo tanto, los usuarios maliciosos pueden pasar un \"grad_values_t\" incorrecto para desencadenar un fallo de aserci\u00f3n en \"vec\", causando la denegaci\u00f3n de servicio en las instalaciones de servicio. El problema es parcheado en el commit 390611e0d45c5793c7066110af37c8514e6a6c54 y es publicado en TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1"}], "lastModified": "2024-11-21T05:05:03.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "EC688B44-17B7-462D-B6E3-BAAF99334782", "versionEndExcluding": "1.15.4"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B6271763-8DFA-4A8F-9596-F1148961ECC5", "versionEndExcluding": "2.0.3", "versionStartIncluding": "2.0.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "AA3FD62B-13CB-4EB5-939F-C848DE9AE071", "versionEndExcluding": "2.1.2", "versionStartIncluding": "2.1.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "029CB8A9-ED3D-486D-967C-4CE0AF8D8FAD", "versionEndExcluding": "2.2.1", "versionStartIncluding": "2.2.0"}, {"criteria": "cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "B617650A-B5A1-44BB-BB3A-2EF83648B100", "versionEndExcluding": "2.3.1", "versionStartIncluding": "2.3.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}