Published: 25/09/2020 Updated: 18/11/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 4 | Impact Score: 1.4 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In TensorFlow Lite prior to 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google tensorflow

CWE-770 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87 https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15213

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect