VYPR
High severityNVD Advisory· Published Sep 25, 2020· Updated Aug 4, 2024

Null pointer dereference in tensorflow-lite

CVE-2020-15209

Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a nullptr buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with nullptr. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tensorflowPyPI
< 1.15.41.15.4
tensorflowPyPI
>= 2.0.0, < 2.0.32.0.3
tensorflowPyPI
>= 2.1.0, < 2.1.22.1.2
tensorflowPyPI
>= 2.2.0, < 2.2.12.2.1
tensorflowPyPI
>= 2.3.0, < 2.3.12.3.1
tensorflow-cpuPyPI
< 1.15.41.15.4
tensorflow-cpuPyPI
>= 2.0.0, < 2.0.32.0.3
tensorflow-cpuPyPI
>= 2.1.0, < 2.1.22.1.2
tensorflow-cpuPyPI
>= 2.2.0, < 2.2.12.2.1
tensorflow-cpuPyPI
>= 2.3.0, < 2.3.12.3.1
tensorflow-gpuPyPI
< 1.15.41.15.4
tensorflow-gpuPyPI
>= 2.0.0, < 2.0.32.0.3
tensorflow-gpuPyPI
>= 2.1.0, < 2.1.22.1.2
tensorflow-gpuPyPI
>= 2.2.0, < 2.2.12.2.1
tensorflow-gpuPyPI
>= 2.3.0, < 2.3.12.3.1

Affected products

9

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.