CVE-2020-15194
Description
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the SparseFillEmptyRowsGrad implementation has incomplete validation of the shapes of its arguments. Although reverse_index_map_t and grad_values_t are accessed in a similar pattern, only reverse_index_map_t is validated to be of proper shape. Hence, malicious users can pass a bad grad_values_t to trigger an assertion failure in vec, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.22
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Python-tensorflow 1.15.4 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow 2.0.3 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow 2.1.2 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow 2.2.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow 2.3.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu 1.15.4 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.1.2 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.2.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu 2.3.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu 1.15.4 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.0.3 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.1.2 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.2.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu 2.3.1 | Windows |
| Multiple vulnerabilities are fixed in Python-tensorflow for linux 1.15.4 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.0.3 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.1.2 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.2.1 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow for linux 2.3.1 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 1.15.4 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.1.2 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.2.1 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-cpu for linux 2.3.1 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 1.15.4 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.0.3 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.1.2 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.2.1 | Linux |
| Multiple vulnerabilities are fixed in Python-tensorflow-gpu for linux 2.3.1 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234