How severe is CVE-2020-15207?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9 out of 10.

What type of vulnerability is CVE-2020-15207?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2020-15207

CRITICAL Year: 2020

CVSS v3 Score

9.0

Critical

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-119

View all →

Vulnerability Description

In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.

CVE-2017-2787

CRITICAL

CVSS:9.0(Critical)

A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buff...

CWE-1192017

CVE-2018-10731

CRITICAL

CVSS:9.0(Critical)

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-...

CWE-1192018

CVE-2015-5073

CRITICAL

CVSS:9.1(Critical)

Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap...

CWE-1192015

CVE-2015-8869

CRITICAL

CVSS:9.1(Critical)

OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the S...

CWE-1192015

CVE-2016-1903

CRITICAL

CVSS:9.1(Critical)

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cau...

CWE-1192016

CVE-2016-5114

CRITICAL

CVSS:9.1(Critical)

sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf return value, which allows attackers to obtain sensitive information ...

CWE-1192016

CVE-2020-15207

Vulnerability Description

Related Vulnerabilities

CVE-2017-2787

CVE-2018-10731

CVE-2015-5073

CVE-2015-8869

CVE-2016-1903

CVE-2016-5114