Vulnerability Description
In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tensorflow | < 2.4.0 |
Related Weaknesses (CWE)
References
- https://github.com/tensorflow/tensorflow/issues/42129ExploitPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237dePatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gcPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/issues/42129ExploitPatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237dePatchThird Party Advisory
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gcPatchThird Party Advisory
FAQ
What is CVE-2020-15266?
CVE-2020-15266 is a vulnerability with a CVSS score of 3.7 (LOW). In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attem...
How severe is CVE-2020-15266?
CVE-2020-15266 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15266?
Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.