CVE-2020-26270

CHECK-fail in LSTM with zero-length input in TensorFlow

Severity Score

3.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

En las versiones afectadas de TensorFlow que ejecutan un modelo LSTM/GRU donde la capa LSTM/GRU recibe una entrada con longitud cero, se produce un fallo de COMPROBACIÓN cuando se usa el backend CUDA. Esto puede resultar en una vulnerabilidad query-of-death, por medio de la denegación de servicio, si los usuarios pueden controlar la entrada a la capa. Esto es corregido en las versiones 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2 y 2.4.0.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

Low

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-10-01 CVE Reserved
2020-12-10 CVE Published
2023-03-08 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC
https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3	2020-12-14
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp	2020-12-14

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				< 1.15.5 Search vendor "Google" for product "Tensorflow" and version " < 1.15.5"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.0.0 < 2.0.4 Search vendor "Google" for product "Tensorflow" and version " >= 2.0.0 < 2.0.4"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.1.0 < 2.1.3 Search vendor "Google" for product "Tensorflow" and version " >= 2.1.0 < 2.1.3"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.2.0 < 2.2.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.2.0 < 2.2.2"		-		Affected
Google Search vendor "Google"		Tensorflow Search vendor "Google" for product "Tensorflow"				>= 2.3.0 < 2.3.2 Search vendor "Google" for product "Tensorflow" and version " >= 2.3.0 < 2.3.2"		-		Affected