CVE-2020-15266
Severity: LOW 3.7 | EPSS: 0.13%
Float cast overflow undefined behavior
Description
### Impact

When the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value. Attempting to operate on this is undefined behavior, which later produces a segmentation fault.

### Patches

We have patched the issue in c0319231333f0f16e1cc75ec83660b01fedd4182 and will release TensorFlow 2.4.0 containing the patch. TensorFlow nightly packages after this commit will also have the issue resolved.

### For more information

Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

### Attribution

This vulnerability has been reported in #42129.
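The defect class behind this advisory is an unchecked conversion of a floating-point box coordinate to an integer pixel index: in C++, `static_cast<int>` of a value that is NaN, infinite, or outside the range of `int` is undefined behavior, and an index produced that way is what later drives the out-of-bounds access that shows up as a segmentation fault. The following is an added illustration, not the TensorFlow kernel's code and not the patch in the commit cited above: it reduces the per-coordinate arithmetic to a single function, shows the unchecked form beside a hardened one that establishes the conversion is defined before performing it, and wraps that in a batch validator. The `Box` layout follows the `[y1, x1, y2, x2]` order of `tf.image.crop_and_resize`; the `scaled` arithmetic and the in-image range check are this example's assumptions, and the validator is deliberately stricter than the real op, which extrapolates for boxes that fall outside the image rather than rejecting them.

```cpp
#include <cmath>
#include <limits>
#include <vector>

// One normalized box in tf.image.crop_and_resize order: [y1, x1, y2, x2].
struct Box {
    float y1, x1, y2, x2;
};

// Vulnerable pattern (illustration only, not the TensorFlow kernel's code):
// a normalized coordinate is scaled to a pixel position and truncated to int.
// If `coord` is NaN, infinite, or so large that the product leaves the range
// of int, the static_cast is undefined behavior in C++. That is the
// "float cast overflow" class this advisory describes; an out-of-bounds read
// of the image buffer with the resulting index is how it surfaces as a segfault.
int unchecked_pixel_index(float coord, int image_size) {
    float scaled = coord * static_cast<float>(image_size - 1);
    return static_cast<int>(scaled);  // UB for NaN, inf, or out-of-range values
}

// Hardened form: prove the conversion is defined and the result is a valid
// pixel index before performing it. Returns false if any check fails.
bool checked_pixel_index(float coord, int image_size, int* out) {
    if (image_size <= 0 || out == nullptr) return false;
    if (!std::isfinite(coord)) return false;        // rejects NaN and +/-inf
    float scaled = coord * static_cast<float>(image_size - 1);
    if (!std::isfinite(scaled)) return false;       // product overflowed float
    // Conversion to int is only defined when the truncated value fits in int.
    // (float)INT_MAX rounds up to 2^31, so a strict < excludes it safely.
    const float kIntMax = static_cast<float>(std::numeric_limits<int>::max());
    const float kIntMin = static_cast<float>(std::numeric_limits<int>::min());
    if (!(scaled > kIntMin && scaled < kIntMax)) return false;
    int idx = static_cast<int>(scaled);             // now well defined
    if (idx < 0 || idx >= image_size) return false; // keep later indexing in bounds
    *out = idx;
    return true;
}

// Convenience wrapper for callers that prefer a sentinel to a status flag.
int pixel_index_or_minus_one(float coord, int image_size) {
    int idx = 0;
    return checked_pixel_index(coord, image_size, &idx) ? idx : -1;
}

// Validate every coordinate of every box against the image it will crop.
// One bad value rejects the whole batch, which is how an op should behave:
// return an error to the caller instead of reaching undefined behavior.
bool validate_boxes(const std::vector<Box>& boxes, int height, int width) {
    for (const Box& b : boxes) {
        int tmp = 0;
        if (!checked_pixel_index(b.y1, height, &tmp)) return false;
        if (!checked_pixel_index(b.y2, height, &tmp)) return false;
        if (!checked_pixel_index(b.x1, width, &tmp)) return false;
        if (!checked_pixel_index(b.x2, width, &tmp)) return false;
    }
    return true;
}
```

The order of the checks matters: `std::isfinite` on the product catches coordinates such as `1e38f` whose scaled value overflows `float` to infinity even though the input itself was finite, and the range comparison against `int` limits catches values such as `1e30f` that stay finite but cannot be represented as an `int`. Callers on TensorFlow builds older than 2.4.0 can apply the same validation to the `boxes` tensor before invoking the op.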
Affected packages (4)
- Bitnami/tensorflow: from 0, < 2.4.0
- PyPI/tensorflow: from 0, < 2.4.0
- PyPI/tensorflow-cpu: from 0, < 2.4.0
- PyPI/tensorflow-gpu: from 0, < 2.4.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | LOW 3.7 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
References (8)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-15266
- PATCH: https://github.com/tensorflow/tensorflow
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-296.yaml
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-331.yaml
- WEB: https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-139.yaml
- WEB: https://github.com/tensorflow/tensorflow/issues/42129
- WEB: https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845
- WEB: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc