CVE-2020-5215— Google TensorFlow 输入验证错误漏洞

Segmentation faultin TensorFlow when converting a Python string to tf.float16

In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker can send a data point which contains a string instead of a tf.float16 value. Similar effects can be obtained by manipulating saved models and checkpoints whereby replacing a scalar tf.float16 value with a scalar string will trigger this issue due to automatic conversions. This can be easily reproduced by tf.constant("hello", tf.float16), if eager execution is enabled. This issue is patched in TensorFlow 1.15.1 and 2.0.1 with this vulnerability patched. TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected. Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

对因果或异常条件的不恰当检查

Google TensorFlow 输入验证错误漏洞

Google TensorFlow是美国谷歌（Google）公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 1.15.2之前版本和2.0.1之前版本中字符串（从Python）转换为tf.float16类型的过程存在输入验证错误漏洞。远程攻击者可借助特制字符串利用该漏洞造成段错误。

N/A

N/A