CVE-2020-15193

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-15193
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15193.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-15193
Published
2020-09-25T19:15:14Z
Modified
2025-09-19T12:28:09.343096Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Summary
[none]
Details

In TensorFlow before versions 2.2.1 and 2.3.1, the implementation of dlpack.to_dlpack can be made to use uninitialized memory, resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a reinterpret_cast. Since the PyObject is a Python object, not a TensorFlow Tensor, the cast to EagerTensor fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1 or 2.3.1.

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0

v0.*

v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

v2.*

v2.3.0
v2.3.0-rc0
v2.3.0-rc1
v2.3.0-rc2

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "302909230814631908500873842520316055001",
                "length": 1068.0
            },
            "id": "CVE-2020-15193-28b47c62",
            "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/c/eager/dlpack.cc",
                "function": "TFE_HandleToDLPack"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "24753109135250677179816536229137657275",
                "length": 40733.0
            },
            "id": "CVE-2020-15193-5c62b918",
            "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "tensorflow/python/tfe_wrapper.cc",
                "function": "PYBIND11_MODULE"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9
            },
            "id": "CVE-2020-15193-61b62625",
            "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/python/tfe_wrapper.cc"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9
            },
            "id": "CVE-2020-15193-ba7f858a",
            "source": "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "tensorflow/c/eager/dlpack.cc"
            },
            "deprecated": false
        }
    ]
}