{"data":{"id":"0c06886e-5c74-456f-827a-f3e6ff43c0de","title":"CVE-2020-15213: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing ","summary":"TensorFlow Lite (a lightweight version of TensorFlow used on mobile and embedded devices) before versions 2.2.1 and 2.3.1 has a vulnerability where attackers can crash an application by making it try to allocate too much memory through the segment sum operation (a function that groups and sums data). The vulnerability works because the code uses the largest value in the input data to determine how much memory to request, so an attacker can provide a very large number to exhaust available memory.","solution":"Upgrade to TensorFlow versions 2.2.1 or 2.3.1. As a partial workaround (only if segment IDs are fixed in the model file), add a custom `Verifier` to limit the maximum value allowed in the segment IDs tensor. If segment IDs are generated during inference, similar validation can be added between inference steps. However, if segment IDs are generated as outputs of a tensor during inference, no workaround is possible and upgrading is required.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-15213","publishedAt":"2020-09-25T23:15:16.603Z","cveId":"CVE-2020-15213","cweIds":["CWE-119","CWE-770","CWE-770"],"cvssScore":"4","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow","TensorFlow Lite"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00217,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100","CAPEC-130"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}