7.5
CVE-2020-26269
- EPSS 0.18%
- Published 10.12.2020 23:15:12
- Last modified 21.11.2024 05:19:42
- Source security-advisories@github.com
In TensorFlow release candidate versions 2.4.0rc*, the general implementation for matching filesystem paths to a globbing pattern is vulnerable to an out-of-bounds access of the array holding the directories. There are multiple invariants and preconditions that are assumed by the parallel implementation of GetMatchingPaths but are not verified by the PRs introducing it (#40861 and #44310). Thus, we are completely rewriting the implementation to fully specify and validate these. This is patched in version 2.4.0. This issue only impacts the master branch and the release candidates for TF version 2.4. The final 2.4 release will be patched.
Data is provided by the National Vulnerability Database (NVD)
Google ≫ Tensorflow Version 2.4.0 Update rc0
Google ≫ Tensorflow Version 2.4.0 Update rc1
Google ≫ Tensorflow Version 2.4.0 Update rc2
Google ≫ Tensorflow Version 2.4.0 Update rc3
Google ≫ Tensorflow Version 2.4.0 Update rc4
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.366 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.