{"id":"CVE-2020-15210","details":"In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.","aliases":["BIT-tensorflow-2020-15210","GHSA-x9j7-x98r-r4w2","PYSEC-2020-133","PYSEC-2020-290","PYSEC-2020-325"],"modified":"2026-04-11T12:40:02.972298Z","published":"2020-09-25T19:15:16.307Z","related":["GHSA-x9j7-x98r-r4w2","openSUSE-SU-2020:1766-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453"},{"type":"EVIDENCE","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"fixed":"df8c55ce12b5cfc6f29b01889f7773911a75e6ef"},{"introduced":"64c3d382cadf7bbe8e7e99884bede8284ff67f56"},{"fixed":"295ad2781683835be974faba0a191528d8079768"},{"introduced":"e5bf8de410005de06a7ff5393fafdf832ef1d4ad"},{"fixed":"ab35f2bf7132f9d20a0bea9a5d1849862737d4b4"},{"introduced":"2b96f3662bd776e277f86997659e61046b56c315"},{"fixed":"25fba035f3e453d94490932096282c7b0624bbb3"},{"introduced":"b36436b087bd8e8701ef51718179037cccdfc26e"},{"fixed":"fcc4b966f1265f466e82617020af93670141b009"},{"fixed":"d58c96946b2880991d63d1dacacb32f0a4dfa453"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.15.4"},{"introduced":"2.0.0"},{"fixed":"2.0.3"},{"introduced":"2.1.0"},{"fixed":"2.1.2"},{"introduced":"2.2.0"},{"fixed":"2.2.1"},{"introduced":"2.3.0"},{"fixed":"2.3.1"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.15.0","v1.15.0-rc0","v1.15.0-rc1","v1.15.0-rc2","v1.15.0-rc3","v1.15.2","v1.15.3","v1.6.0-rc1","v1.9.0-rc2","v2.0.0","v2.0.1","v2.0.2","v2.1.0","v2.1.1","v2.2.0","v2.3.0"],"database_specific":{"vanir_signatures":[{"source":"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453","digest":{"length":1768,"function_hash":"271499100640199661187945076113145677825"},"deprecated":false,"target":{"file":"tensorflow/lite/core/subgraph.cc","function":"Subgraph::AddNodeWithParameters"},"id":"CVE-2020-15210-1a270a8f","signature_type":"Function","signature_version":"v1"},{"source":"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453","digest":{"line_hashes":["223430552221354511089063070085818374467","16921978511952566327535291651336745010","234663808337529557859834212304646738555"],"threshold":0.9},"deprecated":false,"target":{"file":"tensorflow/lite/model_test.cc"},"id":"CVE-2020-15210-77c1c30b","signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453","digest":{"line_hashes":["205435682110525021304340706187361747346","218525562072316164906181765876475931025","206181148045709910831354288205920019401","80499690413841514969529199666071100925","31644574748737310766687022137205258206","126560539008428497682787409249895600598"],"threshold":0.9},"deprecated":false,"target":{"file":"tensorflow/lite/core/subgraph.cc"},"id":"CVE-2020-15210-7887a2ee","signature_type":"Line","signature_version":"v1"},{"source":"https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453","digest":{"line_hashes":["260485882208232690573024683960352476035","171878699289669915931288448196082696729","234955203438120151219278028179414602281"],"threshold":0.9},"deprecated":false,"target":{"file":"tensorflow/lite/core/subgraph.h"},"id":"CVE-2020-15210-8d85dbd8","signature_type":"Line","signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T12:40:02Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15210.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"}]}