VulnerableCode Vulnerability Details - VCID-1ugt-z92x-nfbr

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-1ugt-z92x-nfbr

Essentials
Severities (3)
References (12)
Severity details (2)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-1ugt-z92x-nfbr
Aliases	CVE-2020-15212 GHSA-hx2x-85gr-wrpq PYSEC-2020-135 PYSEC-2020-292 PYSEC-2020-327
Summary	In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-787

Out-of-bounds Write

System	Score	Found at
epss	0.00238	https://api.first.org/data/v1/epss?cve=CVE-2020-15212
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-hx2x-85gr-wrpq
cvssv3.1_qr	CRITICAL	https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx2x-85gr-wrpq

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-15212
		https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-292.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-327.yaml
		https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-135.yaml
		https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
		https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
		https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
		https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
		https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
		https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx2x-85gr-wrpq
CVE-2020-15212		https://nvd.nist.gov/vuln/detail/CVE-2020-15212
GHSA-hx2x-85gr-wrpq		https://github.com/advisories/GHSA-hx2x-85gr-wrpq

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.47076
EPSS Score	0.00238
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T20:19:47.107483+00:00	Pypa Importer	Import	https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-292.yaml	38.6.0