CVE-2020-15266

Advisory

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

Affected versions

[This affected versions has been limited. Please create a free account to view the full affected versions.]

Fixed versions

[This fixed versions has been limited. Please create a free account to view the full fixed versions.]

Vulnerability changelog

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior which later produces a segmentation fault. The issue is patched in eccb7ec454e6617738554a255d77f08e60ee0808 and TensorFlow 2.4.0 will be released containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved. See CVE-2020-15266.


CONFIRM:https://github.com/tensorflow/tensorflow/issues/42129: https://github.com/tensorflow/tensorflow/issues/42129
CONFIRM:https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845: https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845
CONFIRM:https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc

Resources

• https://github.com/tensorflow/tensorflow/issues/42129
• https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845
• https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15266