Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qr42-9658-n3c6
Vulnerability ID VCID-qr42-9658-n3c6
Aliases BIT-tensorflow-2020-15214
CVE-2020-15214
GHSA-p2cq-cprg-frvm
PYSEC-2020-137
PYSEC-2020-294
PYSEC-2020-329
Summary In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00261 https://api.first.org/data/v1/epss?cve=CVE-2020-15214
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-p2cq-cprg-frvm
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
cvssv4 9.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
cvssv4 9.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
cvssv3.1 8.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
cvssv4 9.1 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
generic_textual CRITICAL https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow
cvssv4 9.1 https://github.com/tensorflow/tensorflow
generic_textual CRITICAL https://github.com/tensorflow/tensorflow
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
cvssv4 9.1 https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
cvssv4 9.1 https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
cvssv4 9.1 https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
cvssv4 9.1 https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
cvssv4 9.1 https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
cvssv4 9.1 https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
cvssv3.1 8.1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
cvssv3.1_qr CRITICAL https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
cvssv4 9.1 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
generic_textual CRITICAL https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15214
cvssv4 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-15214
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2020-15214
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-15214
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
CVE-2020-15214 https://nvd.nist.gov/vuln/detail/CVE-2020-15214
GHSA-p2cq-cprg-frvm https://github.com/advisories/GHSA-p2cq-cprg-frvm
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2020-329.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2020-137.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/internal/reference/reference_ops.h#L2625-L2631
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/blob/0e68f4d3295eb0281a517c3662f6698992b7b2cf/tensorflow/lite/kernels/segment_sum.cc#L39-L44
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/commit/00c7ed7ce81c2126ebc17dfe7073b5c0efd5ec0a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/commit/a4030d8ba3692c438997c27be2dd95f3d5f54827
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15214
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15214
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.49621
EPSS Score 0.00261
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:19:48.826194+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/tensorflow-cpu/PYSEC-2020-294.yaml 38.6.0