{"id":"GHSA-pg59-2f92-5cph","summary":"Heap buffer overflow in Tensorflow","details":"### Impact\nThe `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L110-L117\n\nIn the sparse and ragged count kernels, weights are still accessed in parallel with the data:\nhttps://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/core/kernels/count_ops.cc#L199-L201\n\nBut, since there is no validation, a user who passes fewer weights than there are values can trigger a read from outside the bounds of the heap buffer allocated for the weights.\n\n### Patches\nWe have patched the issue in 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and will release a patch release.\n\nWe recommend users upgrade to TensorFlow 2.3.1.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability is a variant of [GHSA-p5f8-gfw5-33w4](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4)","aliases":["BIT-tensorflow-2020-15196","CVE-2020-15196","PYSEC-2020-119","PYSEC-2020-276","PYSEC-2020-311"],"modified":"2026-05-08T04:44:32.884958930Z","published":"2020-09-25T18:28:21Z","database_specific":{"nvd_published_at":"2020-09-25T19:15:00Z","github_reviewed":true,"github_reviewed_at":"2020-09-25T16:48:44Z","cwe_ids":["CWE-119","CWE-122","CWE-125"],"severity":"MODERATE"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15196"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-276.yaml"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-311.yaml"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-119.yaml"},{"type":"PACKAGE","url":"https://github.com/tensorflow/tensorflow"},{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"}],"affected":[{"package":{"name":"tensorflow","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.3.0"},{"fixed":"2.3.1"}]}],"versions":["2.3.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-pg59-2f92-5cph/GHSA-pg59-2f92-5cph.json"}},{"package":{"name":"tensorflow-cpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-cpu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.3.0"},{"fixed":"2.3.1"}]}],"versions":["2.3.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-pg59-2f92-5cph/GHSA-pg59-2f92-5cph.json"}},{"package":{"name":"tensorflow-gpu","ecosystem":"PyPI","purl":"pkg:pypi/tensorflow-gpu"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.3.0"},{"fixed":"2.3.1"}]}],"versions":["2.3.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/09/GHSA-pg59-2f92-5cph/GHSA-pg59-2f92-5cph.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"}]}
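The bug class behind this record is easier to see in code than in the advisory text: a kernel that walks `values` and indexes a parallel `weights` buffer by the same position, with no check that the two are the same length. The C++ below is an added, simplified model written for this page; it is not TensorFlow's `count_ops.cc`, and the names `Accumulate`, `SparseCountUnchecked`, `SparseCountChecked` and `CountMap` are hypothetical. The "before" function reproduces the unchecked lock-step access the advisory describes, and the "after" function adds a shape check of the kind the dense path already had; the exact form of the check in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 is not reproduced here. The sample input is constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Output of the simplified kernel: (batch row, value) -> accumulated count.
// The real op emits a SparseTensor; a map is enough to show the weights check.
using CountMap = std::map<std::pair<int64_t, int64_t>, double>;

struct Status {
  bool ok;
  std::string message;
};

// The accumulation loop. `weights` is read in lock-step with `values`, the
// access pattern the advisory points at; nullptr means "unweighted".
// Nothing here bounds-checks `weights`, so the caller must guarantee it holds
// at least values.size() elements. Reading past a shorter heap buffer is the
// out-of-bounds read behind CVE-2020-15196.
static void Accumulate(const std::vector<int64_t>& rows,
                       const std::vector<int64_t>& values,
                       const double* weights, CountMap& out) {
  for (size_t i = 0; i < values.size(); ++i) {
    out[{rows[i], values[i]}] += weights ? weights[i] : 1.0;
  }
}

// Before the fix: the sparse path trusts that weights has one entry per value.
// Passing a shorter `weights` vector makes Accumulate read beyond its storage
// (undefined behaviour), so this function is only safe on well-formed input.
CountMap SparseCountUnchecked(const std::vector<int64_t>& rows,
                              const std::vector<int64_t>& values,
                              const std::vector<double>& weights) {
  CountMap out;
  Accumulate(rows, values, weights.empty() ? nullptr : weights.data(), out);
  return out;
}

// After the fix (hypothetical form of the check, modelled on the dense path):
// validate the parallel tensors before the first element is touched.
Status SparseCountChecked(const std::vector<int64_t>& rows,
                          const std::vector<int64_t>& values,
                          const std::vector<double>& weights, CountMap* out) {
  if (rows.size() != values.size()) {
    return {false, "indices and values must have the same number of entries"};
  }
  if (!weights.empty() && weights.size() != values.size()) {
    return {false, "weights must have the same shape as values"};
  }
  out->clear();
  Accumulate(rows, values, weights.empty() ? nullptr : weights.data(), *out);
  return {true, ""};
}

int main() {
  // Constructed sample: a 2-row sparse input with 5 non-zero entries.
  const std::vector<int64_t> rows{0, 0, 1, 1, 1};
  const std::vector<int64_t> values{3, 3, 5, 3, 5};
  const std::vector<double> weights{0.5, 0.5, 2.0, 1.0, 1.0};
  const std::vector<double> short_weights{0.5, 0.5};  // 2 weights for 5 values

  CountMap out;
  Status s = SparseCountChecked(rows, values, weights, &out);
  std::printf("well-formed input: ok=%d, (1,5) -> %.1f\n", s.ok, out[{1, 5}]);

  s = SparseCountChecked(rows, values, short_weights, &out);
  std::printf("short weights: ok=%d (%s)\n", s.ok, s.message.c_str());
  // SparseCountUnchecked(rows, values, short_weights) would read three doubles
  // past the end of short_weights' heap buffer instead of failing here.
  return 0;
}
```

The check has to compare `weights` against the number of non-zero entries (the length of `values`), not against the dense shape of the sparse tensor: in the sparse and ragged encodings the weights are parallel to the flattened value list, which is why the dense-path check could not simply be reused.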