Closed dev-mend-for-github-com[bot] closed 5 months ago
:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Vulnerabilities

| CVE | CVSS 3 | Dependency | Fixed in (tensorflow version) |
| --- | --- | --- | --- |
| CVE-2020-15205 | 9.8 | tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2 | 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 |
| CVE-2020-15202 | 9.0 | tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2 | 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 |
| CVE-2021-37678 | 8.8 | tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2 | 2.3.4, 2.4.3, 2.5.1, 2.6.0 |
| CVE-2020-15196 | 8.5 | tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2 | 2.3.1 |
| CVE-2020-15195 | 8.5 | tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2 | 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1 |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-15205
### Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2

TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Dependency Hierarchy:
- :x: **tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2** (Vulnerable Library)
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Found in base branch: master
### Vulnerability Details

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory. In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Publish Date: 2020-09-25
URL: CVE-2020-15205
### CVSS 3 Score Details (9.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46
Release Date: 2020-09-25
Fix Resolution: 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
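To make the missing `data_splits` validation concrete, here is an added pure-Python model of the op's batching contract. It is not TensorFlow's kernel code: `data` stands in for the flat token tensor, `data_splits` for the ragged row-splits vector (row i covers `data[splits[i]:splits[i+1]]`), the op's padding options are left out, and the three invariants checked (first split 0, last split equal to the data length, splits non-decreasing) are my assumption of what a kernel must enforce before it derives indices from the splits. With `validate=False` the function trusts the splits the way the unpatched kernel did; Python slicing clamps instead of reading off the heap, so the symptom is silently wrong rows rather than a memory leak, but the root cause is the same unchecked index.

```python
# Added example, not TensorFlow code. Models tf.raw_ops.StringNGrams batching
# with the data_splits checks the affected versions lacked.


def validate_data_splits(data, data_splits):
    """Raise ValueError unless data_splits is a valid row-splits vector.

    Assumed invariants (not copied from TensorFlow): splits[0] == 0,
    splits[-1] == len(data), and splits never decrease. Every index the
    n-gram loop derives is bounded by these; without them a native kernel
    indexes outside the `data` buffer.
    """
    if len(data_splits) < 1:
        raise ValueError("data_splits must contain at least one element")
    if data_splits[0] != 0:
        raise ValueError(f"data_splits[0] must be 0, got {data_splits[0]}")
    if data_splits[-1] != len(data):
        raise ValueError(
            f"data_splits[-1] must equal len(data)={len(data)}, got {data_splits[-1]}"
        )
    for i in range(len(data_splits) - 1):
        if data_splits[i] > data_splits[i + 1]:
            raise ValueError(f"data_splits is not non-decreasing at index {i}")


def string_ngrams(data, data_splits, ngram_widths, separator=" ", validate=True):
    """Return (ngrams, ngrams_splits) for a ragged batch of token rows.

    validate=False mimics the unpatched behaviour of trusting data_splits.
    """
    if validate:
        validate_data_splits(data, data_splits)
    ngrams, ngrams_splits = [], [0]
    for row in range(len(data_splits) - 1):
        start, end = data_splits[row], data_splits[row + 1]
        tokens = data[start:end]  # C++ would compute end - start as the row size
        for width in ngram_widths:
            for i in range(len(tokens) - width + 1):
                ngrams.append(separator.join(tokens[i : i + width]))
        ngrams_splits.append(len(ngrams))
    return ngrams, ngrams_splits


def demo():
    """Valid splits, rejected invalid splits, and the unchecked path."""
    data = ["a", "b", "c", "d", "e"]  # constructed input
    good = [0, 2, 5]  # rows [a b], [c d e]
    bad = [0, 3, 2, 5]  # row 1 would have negative length
    ok = string_ngrams(data, good, [2])
    try:
        string_ngrams(data, bad, [2])
        rejected = False
    except ValueError:
        rejected = True
    unchecked = string_ngrams(data, bad, [2], validate=False)
    return ok, rejected, unchecked


if __name__ == "__main__":
    print(demo())
```

In the unchecked run the bad row simply vanishes (`ngrams_splits` has an empty row in the middle); in the native kernel the same `end - start` is a negative row size, which is where the overflow and the stack-contents leak in the advisory come from.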
CVE-2020-15202
### Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2

TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Dependency Hierarchy:
- :x: **tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2** (Vulnerable Library)
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Found in base branch: master
### Vulnerability Details

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Publish Date: 2020-09-25
URL: CVE-2020-15202
### CVSS 3 Score Details (9.0)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: None
  - User Interaction: None
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4
Release Date: 2020-09-25
Fix Resolution: 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
CVE-2021-37678
### Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2

TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Dependency Hierarchy:
- :x: **tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2** (Vulnerable Library)
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Found in base branch: master
### Vulnerability Details

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/python/keras/saving/model_config.py#L66-L104) uses `yaml.unsafe_load` which can perform arbitrary code execution on the input. Given that YAML format support requires a significant amount of work, we have removed it for now. We have patched the issue in GitHub commit 23d6383eb6c14084a8fc3bdf164043b974818012. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.
Publish Date: 2021-08-12
URL: CVE-2021-37678
### CVSS 3 Score Details (8.8)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r6jx-9g48-2r5r
Release Date: 2021-08-12
Fix Resolution:
- tensorflow - 2.3.4, 2.4.3, 2.5.1, 2.6.0
- tensorflow-cpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
- tensorflow-gpu - 2.3.4, 2.4.3, 2.5.1, 2.6.0
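The payload class behind this advisory is a PyYAML python-specific tag (`!!python/object/apply:...` and relatives) embedded in an otherwise ordinary Keras model config; `yaml.unsafe_load` resolves such tags into Python calls, `yaml.safe_load` refuses them. The following is an added example, not TensorFlow or Keras code: a constructed model-config YAML carrying such a tag, a scanner that finds python tags before any loader touches the input, and a loader that only ever calls `yaml.safe_load`. The YAML samples and helper names are assumptions for illustration; PyYAML is optional (the scanner is pure stdlib, and the loader reports `None` when PyYAML is absent).

```python
# Added example, not TensorFlow/Keras code: detecting and refusing PyYAML
# python-specific tags in a model config before deserialization.
import re

# Constructed sample: Keras-style config with a python tag smuggled into
# a string field. The tag is the attack shape, not a working TF exploit.
MALICIOUS_MODEL_YAML = """\
class_name: Sequential
config:
  name: sequential
  layers:
  - class_name: Dense
    config:
      name: !!python/object/apply:os.system ["id"]
      units: 10
"""

# Constructed benign counterpart.
BENIGN_MODEL_YAML = """\
class_name: Sequential
config:
  name: sequential
  layers:
  - class_name: Dense
    config:
      name: dense
      units: 10
"""

# `!!python/` is the short form of the tag:yaml.org,2002:python/ handle;
# the long form can appear as a verbatim !<...> tag, so match both.
UNSAFE_TAG_RE = re.compile(
    r"!!python/[\w/.:]*|!<tag:yaml\.org,2002:python/[^>]*>"
)


def find_unsafe_tags(yaml_text):
    """Return every python-specific tag present in the YAML text."""
    return UNSAFE_TAG_RE.findall(yaml_text)


def safe_loader_rejects(yaml_text):
    """True if yaml.safe_load refuses the document, False if it loads,
    None when PyYAML is not installed (the scanner above still applies)."""
    try:
        import yaml  # PyYAML; optional for this example
    except ImportError:
        return None
    try:
        yaml.safe_load(yaml_text)
        return False
    except yaml.YAMLError:  # ConstructorError on python tags
        return True


def load_model_config(yaml_text):
    """Parse a model config with a tag pre-check and yaml.safe_load only.

    Raises ValueError on python tags; returns the parsed dict, or None
    when PyYAML is unavailable.
    """
    tags = find_unsafe_tags(yaml_text)
    if tags:
        raise ValueError(f"refusing to load YAML with python tags: {tags}")
    try:
        import yaml
    except ImportError:
        return None
    # Never yaml.unsafe_load / yaml.load(Loader=yaml.Loader) here: that is
    # the call the affected model_config.py made on attacker-controlled text.
    return yaml.safe_load(yaml_text)


if __name__ == "__main__":
    print(find_unsafe_tags(MALICIOUS_MODEL_YAML))
    print(safe_loader_rejects(MALICIOUS_MODEL_YAML))
    print(load_model_config(BENIGN_MODEL_YAML))
```

The pre-check is belt-and-braces: `safe_load` already raises on these tags, but scanning first means the offending tag is logged verbatim and no loader, safe or otherwise, ever runs on the document. It does not replace the upgrade; the fixed releases removed YAML model loading entirely.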
CVE-2020-15196
### Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2

TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Dependency Hierarchy:
- :x: **tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2** (Vulnerable Library)
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Found in base branch: master
### Vulnerability Details

In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.
Publish Date: 2020-09-25
URL: CVE-2020-15196
### CVSS 3 Score Details (8.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph
Release Date: 2020-09-25
Fix Resolution: 2.3.1
CVE-2020-15195
### Vulnerable Library - tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2

TensorFlow is a machine learning library.
Library home page: https://api.anaconda.org/download/main/tensorflow/2.3.0/linux-64/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2
Dependency Hierarchy:
- :x: **tensorflow-2.3.0-eigen_py38h71ff20e_0.tar.bz2** (Vulnerable Library)
Found in HEAD commit: 0176dbbc4a1232e1926229894b718c7c733b0cff
Found in base branch: master
### Vulnerability Details

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
Publish Date: 2020-09-25
URL: CVE-2020-15195
### CVSS 3 Score Details (8.5)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: High
  - Privileges Required: Low
  - User Interaction: None
  - Scope: Changed
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

### Suggested Fix

Type: Upgrade version
Origin: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr
Release Date: 2020-09-25
Fix Resolution: 1.15.4, 2.0.3, 2.1.2, 2.2.1, 2.3.1
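Across the five advisories the fix resolutions differ, so the question for the `/environment.yml` pin the scanner flagged is the lowest version on the 2.3 line that clears all of them at once. The script below is an added example, not Mend's tooling: it reads a conda `name=version[=build]` pin with a minimal line parser (no PyYAML needed), reports which of the listed CVEs still apply to a given version and which cannot be decided because the advisory lists no fix on that release line, and computes the minimum safe version on the same line. The `FIXED_IN` map is copied from the fix resolutions above; the `environment.yml` text is constructed to match the flagged pin.

```python
# Added example, not Mend's code: check a conda tensorflow pin against the
# fix resolutions listed in this issue.
import re

# CVE -> fixed versions, copied from the advisories above.
FIXED_IN = {
    "CVE-2020-15205": ["1.15.4", "2.0.3", "2.1.2", "2.2.1", "2.3.1"],
    "CVE-2020-15202": ["1.15.4", "2.0.3", "2.1.2", "2.2.1", "2.3.1"],
    "CVE-2021-37678": ["2.3.4", "2.4.3", "2.5.1", "2.6.0"],
    "CVE-2020-15196": ["2.3.1"],
    "CVE-2020-15195": ["1.15.4", "2.0.3", "2.1.2", "2.2.1", "2.3.1"],
}

# Constructed environment.yml mirroring the flagged pin.
ENVIRONMENT_YML = """\
name: research
channels:
  - defaults
dependencies:
  - python=3.8
  - tensorflow=2.3.0=eigen_py38h71ff20e_0
  - numpy
  - pip:
    - requests
"""


def parse_version(v):
    """'2.3.0' -> (2, 3, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def pinned_version(env_text, package):
    """Return the '=' pinned version of `package`, or None if not pinned."""
    # conda spec line: "  - name=version" or "  - name=version=build"
    pat = re.compile(
        rf"^\s*-\s*{re.escape(package)}=([0-9][0-9.]*)(?:=|\s*$)", re.MULTILINE
    )
    m = pat.search(env_text)
    return m.group(1) if m else None


def _same_line_fixes(version, fixes):
    v = parse_version(version)
    return [parse_version(f) for f in fixes if parse_version(f)[:2] == v[:2]]


def vulnerable_cves(version, fixed_in=FIXED_IN):
    """(vulnerable, undetermined): CVEs whose fix on this major.minor line is
    newer than `version`, and CVEs with no fix listed for this line at all
    (the issue only lists lines supported at publication, so say so rather
    than guess)."""
    v = parse_version(version)
    vulnerable, undetermined = [], []
    for cve, fixes in fixed_in.items():
        same_line = _same_line_fixes(version, fixes)
        if not same_line:
            undetermined.append(cve)
        elif v < min(same_line):
            vulnerable.append(cve)
    return sorted(vulnerable), sorted(undetermined)


def min_safe_version(version, fixed_in=FIXED_IN):
    """Lowest version on the same major.minor line that clears every listed
    CVE, or None when some CVE has no fix on that line."""
    needed = []
    for fixes in fixed_in.values():
        same_line = _same_line_fixes(version, fixes)
        if not same_line:
            return None
        needed.append(min(same_line))
    return ".".join(str(p) for p in max(needed))


def check_environment(env_text, package="tensorflow"):
    """Summarise the pin: version found, CVEs open, and the upgrade target."""
    version = pinned_version(env_text, package)
    if version is None:
        return {"version": None, "vulnerable": [], "undetermined": [], "upgrade_to": None}
    vulnerable, undetermined = vulnerable_cves(version)
    return {
        "version": version,
        "vulnerable": vulnerable,
        "undetermined": undetermined,
        "upgrade_to": min_safe_version(version) if vulnerable else None,
    }


if __name__ == "__main__":
    print(check_environment(ENVIRONMENT_YML))
```

For the flagged pin this reports all five CVEs open and an upgrade target of 2.3.4: 2.3.1 closes the four September 2020 advisories but leaves CVE-2021-37678, whose 2.3-line fix is 2.3.4. The parser deliberately matches only exact `name=` pins; a `tensorflow>=2.3` constraint or an unpinned entry returns `None`, because a version-range entry says nothing about what conda actually resolved.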