CVE-2020-15205 — CRITICAL (9.0)

Q: How severe is CVE-2020-15205?

CVE-2020-15205 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-15205?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow, Opensuse Leap.

Vulnerability Description

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Google	Tensorflow	< 1.15.4
Opensuse	Leap	15.2

Related Weaknesses (CWE)

CWE-119 CWE-122 CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22cPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46ExploitThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.htmlMailing ListThird Party Advisory
https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22cPatchThird Party Advisory
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1Third Party Advisory
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46ExploitThird Party Advisory

FAQ

What is CVE-2020-15205?

CVE-2020-15205 is a vulnerability with a CVSS score of 9.0 (CRITICAL). In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap ove...

How severe is CVE-2020-15205?

CVE-2020-15205 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-15205?

Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow, Opensuse Leap.