CVE-2020-26267

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-26267

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26267.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26267

Aliases

Downstream

openSUSE-SU-2022:10014-1

Related

Published

2020-12-10T23:15:12.723Z

Modified

2026-02-21T07:47:59.997661Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In affected versions of TensorFlow the tf.rawops.DataFormatVecPermute API does not validate the srcformat and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3db52be7be81a87c623cdeb7f03d3767521c5246

Introduced

2b96f3662bd776e277f86997659e61046b56c315

Fixed

d745ff2a48cebf18e847e8b602a744e97e058946

Introduced

64c3d382cadf7bbe8e7e99884bede8284ff67f56

Fixed

cdf2c541c3dd3fb6d03cce4d23fc6c548bc9017c

Introduced

b36436b087bd8e8701ef51718179037cccdfc26e

Fixed

9edbe5075f79a4a95ed14a2be831f9b59e61f49d

Introduced

e5bf8de410005de06a7ff5393fafdf832ef1d4ad

Fixed

77f47d6ed6ca1f50b6f2c4919097e625d50398a9

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.3.0

v2.3.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26267.json"