In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
CVE-2020-15208 - High Severity Vulnerability
An unofficial build of TensorFlow for iOS used by TensorIO, supporting inference, evaluation, and training.
Library home page: https://storage.googleapis.com/tensorio-build/ios/release/2.0/xcodebuild/12C33/tag/2.0.8/pod/TensorIO-TensorFlow-2.0_8.tar.gz
Path to dependency file: tensorio-ios/TensorFlowExample/Podfile.lock
Path to vulnerable library: tensorio-ios/TensorFlowExample/Podfile.lock,tensorio-ios/SwiftTensorFlowExample/Podfile.lock
Dependency Hierarchy: - TensorIO/TensorFlow-1.2.5 (Root Library) - :x: **TensorIOTensorFlow-2.0.8** (Vulnerable Library)
Found in HEAD commit: 9ca8c916de11c6aadffe21f686982bf1f761da36
Found in base branch: master
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Publish Date: 2020-09-25
URL: CVE-2020-15208
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a
Release Date: 2020-07-21
Fix Resolution: 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1