{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T01:28:18.858","vulnerabilities":[{"cve":{"id":"CVE-2020-15192","sourceIdentifier":"security-advisories@github.com","published":"2020-09-25T19:15:14.480","lastModified":"2024-11-21T05:05:02.887","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1."},{"lang":"es","value":"En Tensorflow versiones anteriores a 2.2.1 y 2.3.1, si un usuario pasa una lista de cadenas hacia \"dlpack.to_dlpack\", se presenta una pérdida de memoria después de un fallo de comprobación esperada. El problema se produce porque el argumento \"status\" durante los fallos de comprobación no se verifica correctamente. Dado que cada uno de los métodos anteriores puede devolver un estado de error, el valor de \"status\" debe comprobarse antes de continuar. El problema es parcheado en el commit 22e07fb204386768e5bcbea563641ea11f96ceb8 y es publicado en TensorFlow versiones 2.2.1 o 2.3.1"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:N/I:N/A:P","baseScore":4.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.2.0:*:*:*:-:*:*:*","matchCriteriaId":"FB9BCD7D-1626-429F-B479-7D2F1E46B9C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:2.3.0:*:*:*:-:*:*:*","matchCriteriaId":"D0A7B69E-9388-48F0-B744-49453EBAF5D5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","matchCriteriaId":"B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}