CVE-2020-15213
Denial of service in tensorflow-lite
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
En TensorFlow Lite versiones anteriores a 2.2.1 y 2.3.1, los modelos que utilizan la suma de segmentos pueden desencadenar una denegación de servicio al causar una asignación de memoria insuficiente en la implementación de la suma de segmentos. Dado que el código usa el último elemento del tensor que los conserva para determinar la dimensionalidad del tensor de salida, los atacantes pueden usar un valor muy grande para desencadenar una gran asignación. El problema es parcheado en el commit 204945b19e44b57906c9344c0d00120eeeae178a y es publicado en TensorFlow versiones 2.2.1 o 2.3.1. Una solución alternativa potencial sería agregar un "Verifier" personalizado para limitar el valor máximo en el tensor de los ids de segmento. Esto solo maneja el caso cuando los ids de segmento son almacenados estáticamente en el modelo, pero se podría realizar una comprobación similar si los ids de segmento son generados en el tiempo de ejecución, entre los pasos de inferencia. Sin embargo, si los ids de segmento son generados como salidas de un tensor durante los pasos de inferencia, entonces no existe una solución posible y se recomienda a los usuarios actualizar al código parcheado
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-25 CVE Reserved
- 2020-09-25 CVE Published
- 2023-05-02 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a | 2021-11-18 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.2.0 < 2.2.1 Search vendor "Google" for product "Tensorflow" and version " >= 2.2.0 < 2.2.1" | lite |
Affected
| ||||||
| Google Search vendor "Google" | Tensorflow Search vendor "Google" for product "Tensorflow" | >= 2.3.0 < 2.3.1 Search vendor "Google" for product "Tensorflow" and version " >= 2.3.0 < 2.3.1" | lite |
Affected
| ||||||