CVE-2020-26266
Good to know:
Date: December 10, 2020
In affected versions of TensorFlow, in certain cases a saved model can trigger use of uninitialized values during code execution. The cause is that tensor buffers are filled with the default value of their type, but the quantized floating point types in Eigen were not default-initialized. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Language: Python
Severity Score
Weakness Type (CWE)
Use of Uninitialized Resource
CWE-908
Top Fix
Upgrade Version
Upgrade to version tensorflow-1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0, tensorflow-cpu-2.1.3, 2.2.2, 2.3.2, 2.4.0, tensorflow-gpu-1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, 2.4.0
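A branch-aware check of an installed version against the fixed releases listed above, as an added example that is not part of the original advisory. The function names are hypothetical, and two rules are assumptions: a release branch with no listed fix counts as unpatched unless it is newer than the newest fix, and a pre-release of a fixed version counts as unpatched.

```python
import re
from importlib import metadata

# Fixed releases per package, copied from the "Upgrade Version" list above.
FIXED = {
    "tensorflow":     ["1.15.5", "2.0.4", "2.1.3", "2.2.2", "2.3.2", "2.4.0"],
    "tensorflow-cpu": ["2.1.3", "2.2.2", "2.3.2", "2.4.0"],
    "tensorflow-gpu": ["1.15.5", "2.0.4", "2.1.3", "2.2.2", "2.3.2", "2.4.0"],
}

def _parse(version):
    """Return ((major, minor, patch), has_suffix) for '2.3.1' or '2.4.0rc1'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g) for g in m.groups()[:3]), bool(m.group(4))

def is_patched(package, version):
    """True if `version` is at or above the fix for its major.minor branch.

    Assumptions (not stated by the advisory): a branch without a listed fix
    is unpatched unless it is newer than the newest fix, and a pre-release
    of a fixed version (e.g. 2.4.0rc1) is unpatched.
    """
    fixes = sorted(_parse(v)[0] for v in FIXED[package.lower().replace("_", "-")])
    ver, suffix = _parse(version)
    newest = fixes[-1]
    if ver > newest or (ver == newest and not suffix):
        return True  # at or beyond the newest fixed release
    for fix in fixes:
        if fix[:2] == ver[:2]:  # same major.minor release branch
            return ver > fix or (ver == fix and not suffix)
    return False  # no fix was released on this branch

def check_installed():
    """Map each installed TensorFlow package to its patched status."""
    results = {}
    for pkg in FIXED:
        try:
            results[pkg] = is_patched(pkg, metadata.version(pkg))
        except metadata.PackageNotFoundError:
            continue  # package not installed in this environment
    return results

if __name__ == "__main__":
    for pkg, ok in check_installed().items():
        print(f"{pkg}: {'patched' if ok else 'upgrade required (CVE-2020-26266)'}")
```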
CVSS v3.1
Base Score: | |
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | LOW |
CVSS v2
Base Score: | |
---|---|
Access Vector (AV): | LOCAL |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | PARTIAL |
Availability (A): | PARTIAL |
Additional information: |