CVE-2020-26270

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-26270

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26270.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26270

Aliases

Downstream

openSUSE-SU-2022:10014-1

openSUSE-SU-2024:12116-1

Related

Published

2020-12-10T23:15:12.973Z

Modified

2026-02-21T07:38:04.002259Z

Severity

3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3db52be7be81a87c623cdeb7f03d3767521c5246

Introduced

2b96f3662bd776e277f86997659e61046b56c315

Fixed

d745ff2a48cebf18e847e8b602a744e97e058946

Introduced

64c3d382cadf7bbe8e7e99884bede8284ff67f56

Fixed

cdf2c541c3dd3fb6d03cce4d23fc6c548bc9017c

Introduced

b36436b087bd8e8701ef51718179037cccdfc26e

Fixed

9edbe5075f79a4a95ed14a2be831f9b59e61f49d

Introduced

e5bf8de410005de06a7ff5393fafdf832ef1d4ad

Fixed

77f47d6ed6ca1f50b6f2c4919097e625d50398a9

Affected versions

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.3.0

v2.3.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26270.json"