CVE-2020-26267

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26267
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26267.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26267
Aliases
Downstream
Related
Published
2020-12-10T23:15:12Z
Modified
2025-10-15T12:30:23.843372Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In affected versions of TensorFlow the tf.rawops.DataFormatVecPermute API does not validate the srcformat and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ebc70b7a592420d3d2f359e4b1694c236b82c7ae

Affected versions

0.*

0.12.0-rc0
0.12.0-rc1
0.12.1
0.5.0
0.6.0

v0.*

v0.10.0
v0.10.0rc0
v0.11.0
v0.11.0rc0
v0.11.0rc1
v0.11.0rc2
v0.12.0
v0.7.0
v0.7.1
v0.8.0rc0
v0.9.0
v0.9.0rc0

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-rc0
v1.0.0-rc1
v1.0.0-rc2
v1.1.0
v1.1.0-rc0
v1.1.0-rc1
v1.1.0-rc2
v1.12.0
v1.12.0-rc0
v1.12.0-rc1
v1.12.0-rc2
v1.12.1
v1.2.0
v1.2.0-rc0
v1.2.0-rc1
v1.2.0-rc2
v1.3.0-rc0
v1.3.0-rc1
v1.5.0
v1.5.0-rc0
v1.5.0-rc1
v1.6.0
v1.6.0-rc0
v1.6.0-rc1
v1.7.0
v1.7.0-rc0
v1.7.0-rc1
v1.8.0
v1.8.0-rc0
v1.8.0-rc1
v1.9.0
v1.9.0-rc0
v1.9.0-rc1
v1.9.0-rc2

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "313994650402161586983917689434894485802",
                "130094773882623805663869682974364817317",
                "63662868083627739254062862644034061447",
                "275359223353134641114808102223859573201",
                "331307440669214918335895790650776587077",
                "83951950775522996153541642463375565806",
                "110680478284734640215047087273084300657",
                "329825087871365426555773122036027749837",
                "222270992452315474643495052266487055826",
                "315158931149083809491559055218996155829",
                "154603388818363930582659611870291908667",
                "185512401193860114234021105676990606824",
                "183029446372740524683017777512646302102",
                "1168723795512549235036915952055206157",
                "266922330232993059882635503985676463356",
                "133513391166850736861106802961685794558",
                "235945220321055799821111067271733113331",
                "251561166443076125767835700795166849206",
                "65525740044841502909301842366178829085",
                "148869675187540353363397726555020981607",
                "332263761514826419796309180666719486048",
                "53259635203583304156903165929834843192",
                "186953506709105487264072941382648011490",
                "79885697303505286815583400913045160495",
                "221193189215687644294057407398960998497",
                "121242689760206006999865113691868911763",
                "252420941107585766993710310642148456276",
                "142575214691111786979361361394672029840",
                "179634542567091506405428502619255654047",
                "157462980713806617184162930771827281434"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "tensorflow/core/kernels/data_format_ops.cc"
        },
        "signature_type": "Line",
        "id": "CVE-2020-26267-8190db3f",
        "signature_version": "v1",
        "source": "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae",
        "deprecated": false
    }
]