CVE-2020-26268

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-26268
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26268.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26268
Aliases
Downstream
Related
Published
2020-12-10T23:15:12.833Z
Modified
2026-02-06T22:59:06.139692Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/tensorflow
Events
Fixed
3db52be7be81a87c623cdeb7f03d3767521c5246
Introduced
e5bf8de410005de06a7ff5393fafdf832ef1d4ad
Fixed
77f47d6ed6ca1f50b6f2c4919097e625d50398a9
Introduced
b36436b087bd8e8701ef51718179037cccdfc26e
Fixed
9edbe5075f79a4a95ed14a2be831f9b59e61f49d
Fixed
c1e1fc899ad5f8c725dcbb6470069890b5060bc7
Introduced
64c3d382cadf7bbe8e7e99884bede8284ff67f56
Fixed
cdf2c541c3dd3fb6d03cce4d23fc6c548bc9017c
Introduced
2b96f3662bd776e277f86997659e61046b56c315
Fixed
d745ff2a48cebf18e847e8b602a744e97e058946

Database specific

vanir_signatures 
[
    {
        "signature_type": "Line",
        "source": "https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7",
        "target": {
            "file": "tensorflow/core/kernels/immutable_constant_op.cc"
        },
        "id": "CVE-2020-26268-c361656a",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "267612707639384056482526556901332291343",
                "13196249404871720951111421362531561647",
                "228212709260566625369616199640126760812"
            ]
        },
        "deprecated": false
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26268.json"