{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T12:42:32.744","vulnerabilities":[{"cve":{"id":"CVE-2020-15207","sourceIdentifier":"security-advisories@github.com","published":"2020-09-25T19:15:15.993","lastModified":"2024-11-21T05:05:05.250","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."},{"lang":"es","value":"En tensorflow-lite versiones anteriores a 1.15.4, 2.0.3, 2.1.2, 2.2.1 y 2.3.1, para imitar la indexación de Python con valores negativos, TFLite usa \"ResolveAxis\" para convertir valores negativos en índices positivos. Sin embargo, la única comprobación de que el índice convertido ahora es válido solo está presente en las compilaciones de depuración. Si el \"DCHECK\" no se activa, entonces la ejecución de código avanza con un índice negativo. Esto, a su vez, resulta en el acceso a los datos fuera de límites, resultando en segmentaciones y/o una corrupción de lo datos. El problema es parcheado en el commit 2d88f470dea2671b430884260f3626b1fe99830a, y es publicado en TensorFlow versiones 1.15.4, 2.0.3, 2.1.2, 2.2.1 o 2.3.1"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H","baseScore":8.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":9.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-119"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*","versionEndExcluding":"1.15.4","matchCriteriaId":"7A5421A9-693F-472A-9A21-43950C884C77"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.3","matchCriteriaId":"B0FEB74E-5E54-4A2F-910C-FA1812C73DB2"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*","versionStartIncluding":"2.1.0","versionEndExcluding":"2.1.2","matchCriteriaId":"47D83682-6615-49BC-8043-F36B9D017578"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.1","matchCriteriaId":"323B716A-E8F7-4CDA-B8FD-A56977D59C02"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:lite:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.1","matchCriteriaId":"C09502A8-B667-4867-BEBD-40333E98A601"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","matchCriteriaId":"B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}