← Back

CVE-2020-26266

nvd nist
Published: Dec 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 1.8 / Impact: 3.4
Source: NVD

Description

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Affected (5)

Products: Google: Tensorflow
Google
1 product
Tensorflow
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Google
Tensorflow
Before 1.15.5
Tensorflow
From 2.0.0 to 2.0.4
Tensorflow
From 2.1.0 to 2.1.3
Tensorflow
From 2.2.0 to 2.2.2
Tensorflow
From 2.3.0 to 2.3.2

Related CWEs

CWE-908
Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.

References (4)

Source: security-advisories@github.com
PatchThird Party Advisory
Source: security-advisories@github.com
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory

Timeline

No history available yet.