AI Threat Alert
CVE-2020-26270
LOWIn affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
| tensorflow | pip | — | No patch |
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
In affected versions of TensorFlow running an LSTM/GRU model where the LSTM/GRU layer receives an input with zero-length results in a CHECK failure when using the CUDA backend. This can result in a query-of-death vulnerability, via denial of service, if users can control the input to the layer. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L References
- github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3 Patch 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp Patch 3rd Party
- github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3 Patch 3rd Party
- github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp Patch 3rd Party