{"id":"BIT-tensorflow-2020-26267","summary":"Lack of validation in data format attributes in TensorFlow","details":"In affected versions of TensorFlow, the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, out-of-bounds reads, and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.","aliases":["CVE-2020-26267","GHSA-c9f3-9wfr-wgh7","PYSEC-2020-140","PYSEC-2020-298","PYSEC-2020-333"],"modified":"2025-05-20T10:02:07.006Z","published":"2024-03-06T11:20:17.433Z","database_specific":{"cpes":["cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26267"}],"affected":[{"package":{"name":"tensorflow","ecosystem":"Bitnami","purl":"pkg:bitnami/tensorflow"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.15.5"},{"introduced":"2.0.0"},{"fixed":"2.0.4"},{"introduced":"2.1.0"},{"fixed":"2.1.3"},{"introduced":"2.2.0"},{"fixed":"2.2.2"},{"introduced":"2.3.0"},{"fixed":"2.3.2"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/tensorflow/BIT-tensorflow-2020-26267.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}],"schema_version":"1.7.3"}