Home > Vulnerability Database > CVE-2020-26266

Mend.io Vulnerability Database

CVE-2020-26266

Good to know:

Date: December 10, 2020

In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution. This is caused by having tensor buffers be filled with the default value of the type but forgetting to default initialize the quantized floating point types in Eigen. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.

Language: Python

Severity Score

5.3

Related Resources (4)

Url: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2

Url: https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-26266

Url: https://www.mend.io/vulnerability-database/CVE-2020-26266

Severity Score

5.3

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

Top Fix

Upgrade Version

Upgrade to version tensorflow-1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0,tensorflow-cpu-2.1.3, 2.2.2, 2.3.2, 2.4.0,tensorflow-gpu-1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-26266

Good to know:

Date: December 10, 2020

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?