How severe is CVE-2020-15201?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.8 out of 10.

What type of vulnerability is CVE-2020-15201?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2020-15201 - MEDIUM Severity | CVSS 4.8

Vulnerability Description

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.

Related Vulnerabilities

CVE-2010-3359

MEDIUM

CVSS:4.8(Medium)

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a direc...

CWE-202010

CVE-2011-4968

MEDIUM

CVSS:4.8(Medium)

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

CWE-202011

CVE-2019-12626

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)...

CWE-202019

CVE-2019-1875

MEDIUM

CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ...

CWE-202019

CVE-2020-15233

MEDIUM

CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered ...

CWE-202020

CVE-2020-15234

MEDIUM

CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client's registered redirect URLs and the redirect URL provided at the OAuth2 Au...

CWE-202020