9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15205

GHSA ID

GHSA-g7p5-5759-qv46

EPSS Score

0.66785%

CWE

CWE-119

Published

9/25/2020

Updated

10/30/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2020-15205

CVE-2020-15205: Data leak in Tensorflow

Impact

The data_splits argument of tf.raw_ops.StringNGrams lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory

>>> tf.raw_ops.StringNGrams(data=["aa", "bb", "cc", "dd", "ee", "ff"], data_splits=[0,8], separator=" ", ngram_widths=[3], left_pad="", right_pad="", pad_width=0, preserve_short_sequences=False)
StringNGrams(ngrams=<tf.Tensor: shape=(6,), dtype=string, numpy=
array([b'aa bb cc', b'bb cc dd', b'cc dd ee', b'dd ee ff',
       b'ee ff \xf4j\xa7q\x7f\x00\x00q\x00\x00\x00\x00\x00\x00\x00\xd8\x9b~\xa8q\x7f\x00',
       b'ff \xf4j\xa7q\x7f\x00\x00q\x00\x00\x00\x00\x00\x00\x00\xd8\x9b~\xa8q\x7f\x00 \x9b~\xa8q\x7f\x00\x00p\xf5j\xa7q\x7f\x00\x00H\xf8j\xa7q\x7f\x00\x00\xf0\xf3\xf7\x85q\x7f\x00\x00`}\xa6\x00\x00\x00\x00\x00`~\xa6\x00\x00\x00\x00\x00\xb0~\xeb\x9bq\x7f\x00'],...

All the binary strings after ee ff are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR.

Patches

We have patched the issue in 0462de5b544ed4731aa2fb23946ac22c01856b80 and will release patch releases for all versions between 1.15 and 2.3.

We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by members of the Aivul Team from Qihoo 360.

(GitHub Advisory)

9.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2020-15205

GHSA ID

GHSA-g7p5-5759-qv46

EPSS Score

0.66785%

CWE

CWE-119

Published

9/25/2020

Updated

10/30/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tensorflow	pip	< 1.15.4	1.15.4
tensorflow	pip	>= 2.0.0, < 2.0.3	2.0.3
tensorflow	pip	>= 2.1.0, < 2.1.2	2.1.2
tensorflow	pip	= 2.2.0	2.2.1
tensorflow	pip	= 2.3.0	2.3.1
tensorflow-cpu	pip	< 1.15.4	1.15.4
tensorflow-cpu	pip	>= 2.0.0, < 2.0.3	2.0.3
tensorflow-cpu	pip	>= 2.1.0, < 2.1.2	2.1.2
tensorflow-cpu	pip	= 2.2.0	2.2.1
tensorflow-cpu	pip	= 2.3.0	2.3.1
tensorflow-gpu	pip	< 1.15.4	1.15.4
tensorflow-gpu	pip	>= 2.0.0, < 2.0.3	2.0.3
tensorflow-gpu	pip	>= 2.1.0, < 2.1.2	2.1.2
tensorflow-gpu	pip	= 2.2.0	2.2.1
tensorflow-gpu	pip	= 2.3.0	2.3.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability root cause was identified in the Compute method of StringNGramsOp where data_splits validation was missing. The GitHub patch shows validation logic was added to this exact function in string_ngrams_op.cc, checking split values against input data size. The CVE description explicitly references tf.raw_ops.StringNGrams as the vulnerable entry point, which maps to this implementation. The test case additions in raw_ops_test.py further confirm the vulnerability was in the core StringNGrams operation handling.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t T** `**t*_splits` *r*um*nt o* [`t*.r*w_ops.Strin*N*r*ms`](*ttps://www.t*nsor*low.or*/*pi_*o*s/pyt*on/t*/r*w_ops/Strin*N*r*ms) l**ks v*li**tion. T*is *llows * us*r to p*ss v*lu*s t**t **n **us* ***p ov*r*low *rrors *n* *v*n l**k *ont*nts o*

Reasoning

T** vuln*r**ility root **us* w*s i**nti*i** in t** *omput* m*t*o* o* Strin*N*r*msOp w**r* **t*_splits v*li**tion w*s missin*. T** *it*u* p*t** s*ows v*li**tion lo*i* w*s ***** to t*is *x**t *un*tion in strin*_n*r*ms_op.**, ****kin* split v*lu*s ***in

9.1

Basic Information

Concerned about an active attack path?

CVE-2020-15205: Data leak in Tensorflow

Impact

Patches

For more information

Attribution

9.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI