CVE-2020-15210 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2020-15210

CVE-2020-15210

Published:September 25, 2020

Updated:May 17, 2026

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

Affected Packages

tensorflow (PYTHON):

Affected version(s) >=0.11.0rc2 <1.15.4

Fix Suggestion:

Update to version 1.15.4

tensorflow (PYTHON):

Affected version(s) >=2.0.0 <2.0.3

Fix Suggestion:

Update to version 2.0.3

tensorflow (PYTHON):

Affected version(s) =2.2.0 <2.2.1

Fix Suggestion:

Update to version 2.2.1

tensorflow (PYTHON):

Affected version(s) >=2.1.0 <2.1.2

Fix Suggestion:

Update to version 2.1.2

tensorflow-gpu (PYTHON):

Affected version(s) =2.3.0 <2.3.1

Fix Suggestion:

Update to version 2.3.1

tensorflow (PYTHON):

Affected version(s) =2.3.0 <2.3.1

Fix Suggestion:

Update to version 2.3.1

tensorflow-cpu (PYTHON):

Affected version(s) =2.2.0 <2.2.1

Fix Suggestion:

Update to version 2.2.1

tensorflow-cpu (PYTHON):

Affected version(s) >=2.1.0 <2.1.2

Fix Suggestion:

Update to version 2.1.2

tensorflow-cpu (PYTHON):

Affected version(s) =2.3.0 <2.3.1

Fix Suggestion:

Update to version 2.3.1

tensorflow-gpu (PYTHON):

Affected version(s) >=2.0.0 <2.0.3

Fix Suggestion:

Update to version 2.0.3

tensorflow-gpu (PYTHON):

Affected version(s) >=2.1.0 <2.1.2

Fix Suggestion:

Update to version 2.1.2

tensorflow-gpu (PYTHON):

Affected version(s) >=0.12.0rc0 <1.15.4

Fix Suggestion:

Update to version 1.15.4

tensorflow-gpu (PYTHON):

Affected version(s) =2.2.0 <2.2.1

Fix Suggestion:

Update to version 2.2.1

Related Resources (14)

https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-325.yaml

https://github.com/tensorflow/tensorflow/commit/8c2092e9f9ef78b3f9060f8bf5ce7a49d1ccdc8f

https://github.com/tensorflow/tensorflow/commit/094329d0dcb8290bed2b1ee420934971f422c86d

https://github.com/tensorflow/tensorflow/commit/1c8709b437fec10875b0cf271889afec9bbf582e

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html

https://github.com/tensorflow/tensorflow/commit/f4159ccef23d11eb58ee4263beaaeac1be3343c7

https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453

https://nvd.nist.gov/vuln/detail/CVE-2020-15210

https://github.com/tensorflow/tensorflow/commit/f50a14b00560a383865c2273e4a9094add3888d5

https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-290.yaml

https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1

https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-133.yaml

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2

https://github.com/tensorflow/tensorflow

Do you need more information?

CVSS v4

Base Score:

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

HIGH

Weakness Type (CWE)

Improper Input Validation

CWE-20

Out-of-bounds Write

CWE-787

EPSS

Base Score:

0.33