CVE-2020-5215

MEDIUM5.0EPSS 0.23%

Segmentation faultin TensorFlow when converting a Python string to `tf.float16`

發布日:2020/1/28修改日:2026/3/13

描述

### Impact Converting a string (from Python) to a `tf.float16` value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a `tf.float16` value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar `tf.float16` value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by `tf.constant("hello", tf.float16)`, if eager execution is enabled. ### Patches We have patched the vulnerability in GitHub commit [5ac1b9](https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf). We are additionally releasing TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. We encourage users to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0. ### For more information Please consult [`SECURITY.md`](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

受影響套件(7)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 4.0CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
osvCVSS 3.1MEDIUM5.0CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

參考連結(9)