{"id":"CVE-2020-15202","details":"In TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is used instead. In these cases, if the amount of work to be parallelized is large enough, the `int64` values are truncated when they are passed to the narrower lambda parameters. Depending on how the two arguments of the lambda are used, this can result in segfaults, reads or writes outside of heap-allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and the fix is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, and 2.3.1.","aliases":["BIT-tensorflow-2020-15202","GHSA-h6fg-mjxg-hqq4","PYSEC-2020-125","PYSEC-2020-282","PYSEC-2020-317"],"modified":"2026-04-11T21:19:56.671546Z","published":"2020-09-25T19:15:15.493Z","related":["GHSA-h6fg-mjxg-hqq4","openSUSE-SU-2020:1766-1","openSUSE-SU-2024:12116-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"type":"EVIDENCE","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"df8c55ce12b5cfc6f29b01889f7773911a75e6ef"},{"introduced":"64c3d382cadf7bbe8e7e99884bede8284ff67f56"},{"fixed":"295ad2781683835be974faba0a191528d8079768"},{"introduced":"e5bf8de410005de06a7ff5393fafdf832ef1d4ad"},{"fixed":"ab35f2bf7132f9d20a0bea9a
5d1849862737d4b4"},{"introduced":"2b96f3662bd776e277f86997659e61046b56c315"},{"fixed":"25fba035f3e453d94490932096282c7b0624bbb3"},{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"fcc4b966f1265f466e82617020af93670141b009"},{"fixed":"27b417360cbd671ef55915e4bb6bb06af8b8a832"},{"fixed":"ca8c013b5e97b1373b3bb1c97ea655e69f31a575"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.15.4"},{"introduced":"2.0.0"},{"fixed":"2.0.3"},{"introduced":"2.1.0"},{"fixed":"2.1.2"},{"introduced":"2.2.0"},{"fixed":"2.2.1"},{"introduced":"2.3.0"},{"fixed":"2.3.1"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.15.0","v1.15.0-rc0","v1.15.0-rc1","v1.15.0-rc2","v1.15.0-rc3","v1.15.2","v1.15.3","v1.6.0-rc1","v1.9.0-rc2","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.2.0","v2.3.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}],"vanir_signatures_modified":"2026-04-11T21:19:56Z","vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["76522214173436047375791787445764351902","251069558902172989654234900463356936711","64133528541827585722070207894526948030","24778865296730026768336390480983944469"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/topk_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-0503e122","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["127673812065743489622579631479231187116","115883249635117771978262382218551177437","179699857159232576660471907586812719470","282183227558066642916870584276345562963"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/random_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-285dcd5b","source":"https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832"},{"signature_type":"Line","digest":{"line_hashes":["581853591906454510
83182359192435923593","121836043419759626881226105403575566976","68809376081251340786311124575075854565","184133931029712663206991783415301782615","141890636621652983017445151798594154627","120008381741880098412888339471202175764","200132040647892950965246711544206592211","305956264687131165837804166410874038781"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/image/crop_and_resize_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-388d829e","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["16503530223465914650326778346945576132","69917128178575714253350209538686540484","280130023087423644956112740636005532670","115561061948106686141201197198850226603"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/nth_element_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-5746462e","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["311857473137336276809078584928509253881","145200427811153236372005804105714212704","317532754562323792495098968070106934582","282183227558066642916870584276345562963"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/stateless_random_ops.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-5bc480e6","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["20684871070024043241034515558560823589","315572307899962111122285125756291523683","18476793605358095461206707654931656479","302479254191776488337822911832410061979"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/linalg/banded_triangular_solve_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-5fa25244","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3
bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["65402930557305111109094323625547391566","180639688932648031934649410730627595143","90389278723123074144713918027306501693","217893695720517477055469910417793543153","299368296802679720593664134155350995124","198911484875003549558588729545316199232","319635250752536177884910275713750112874","142492151711402795277630382152305272039","235365852518916415856022896906468223401","246594358939414688334702348201411287267"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/parameterized_truncated_normal_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-6d8fa72e","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["49388362587070857883011424938051732275","182345833524769119674858062048875688048","159281066571211044658814791462852431156","165862920666101699034185022357112945124","160332501408818180563375474413769704281","133624535692348618945257612964987686627","70146357367283853397304646523304066958","194888998010657877617798893389703908301","340024752766524227460244902722503938610","251900994400534352265889644797477686757","235264123759149857307401783014601954619","265169989207798012169191867407444375818"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/boosted_trees/prediction_ops.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-8d6bcc23","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["85996234445220541315962421172033354292","125979212587680147467816371163899976341","236405319715375809980413098239884364067","117459159471670142061662019933127385802"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/random_binomial_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-ba79abf1","source":"https://github.com/tensor
flow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"},{"signature_type":"Line","digest":{"line_hashes":["182182534082564078562929145736446618543","107179309103464964803450747305323035393","61745639076349294345544669991714919652","249481167367796814478761019073950339557"],"threshold":0.9},"target":{"file":"tensorflow/core/kernels/random_poisson_op.cc"},"signature_version":"v1","deprecated":false,"id":"CVE-2020-15202-d187bcd4","source":"https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15202.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}