{"id":"CVE-2020-15194","details":"In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.\"","aliases":["BIT-tensorflow-2020-15194","GHSA-9mqp-7v2h-2382","PYSEC-2020-117","PYSEC-2020-274","PYSEC-2020-309"],"modified":"2026-04-11T21:48:51.792968Z","published":"2020-09-25T19:15:14.683Z","related":["GHSA-9mqp-7v2h-2382","openSUSE-SU-2020:1766-1","openSUSE-SU-2024:12116-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.2"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"df8c55ce12b5cfc6f29b01889f7773911a75e6ef"},{"introduced":"64c3d382cadf7bbe8e7e99884bede8284ff67f56"},{"fixed":"295ad2781683835be974faba0a191528d8079768"},{"introduced":"e5bf8de410005de06a7ff5393fafdf832ef1d4ad"},{"fixed":"ab35f2bf7132f9d20a0bea9a5d1849862737d4b4"},{"introduced":"2b96f3662bd776e277f86997659e61046b56c315"},{"fixed":"25fba035f3e453d94490932096282c7b0624bbb3"},{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"fcc4b966f1265f466e82617020af93670141b009"},{"fixed":"390611e0d45c5793c7066110af37c8514e6a6c54"}],"database_specific":{"cpe":"cpe:2.3:a:google:tensorflow:*:*:*:*:-:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"1.15.4"},{"introduced":"2.0.0"},{"fixed":"2.0.3"},{"introduced":"2.1.0"},{"fixed":"2.1.2"},{"introduced":"2.2.0"},{"fixed":"2.2.1"},{"introduced":"2.3.0"},{"fixed":"2.3.1"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.15.0","v1.15.0-rc0","v1.15.0-rc1","v1.15.0-rc2","v1.15.0-rc3","v1.15.2","v1.15.3","v1.6.0-rc1","v1.9.0-rc2","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.2.0","v2.3.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T21:48:51Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-15194.json","vanir_signatures":[{"id":"CVE-2020-15194-36cad8cf","target":{"file":"tensorflow/core/kernels/sparse_fill_empty_rows_op.cc"},"source":"https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["259848440958415696715521615731029030452","218541846242894194789173260655204712511","71097890848980966314294188268620153762","138667248717434564490272608563126366461","208001727616036684745631798481607273358","134824706081532736489721039651720296162","87814817203424266253895897990251901181","291342232809186222451047035231406968374","91120970708461343970534351591815534898"],"threshold":0.9},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}