Description
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
Exploit, Third Party Advisory x_refsource_confirm
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79
Patch, Third Party Advisory x_refsource_misc
https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html
Scores
CVSS v3
7.5
EPSS
0.0094
EPSS Percentile
56.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-134
CWE-20
Status
published
Products (5)
google/tensorflow
< 1.15.4
opensuse/leap
15.2
pypi/tensorflow
0 - 1.15.4PyPI
pypi/tensorflow-cpu
0 - 1.15.4PyPI
pypi/tensorflow-gpu
0 - 1.15.4PyPI
Published
Sep 25, 2020
Tracked Since
Feb 18, 2026