{"data":{"id":"0cb0ec54-a17d-4ad8-870c-88ed20e9b902","title":"CVE-2020-5215: In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Python) to a tf.float16 value results in a segmentation","summary":"TensorFlow versions before 1.15.2 and 2.0.1 have a bug where converting a string to a tf.float16 value (a 16-bit floating-point number) causes a segmentation fault (a crash where the program tries to access memory it shouldn't). This vulnerability can be exploited by attackers sending malicious data containing strings instead of the expected number format, leading to denial of service (making the system unavailable) during AI model training or inference (using a trained model to make predictions).","solution":"Update to TensorFlow 1.15.1, 2.0.1, or 2.1.0, as the vulnerability is patched in these versions. The source states: 'Users are encouraged to switch to TensorFlow 1.15.1, 2.0.1 or 2.1.0.'","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-5215","publishedAt":"2020-01-29T03:15:11.090Z","cveId":"CVE-2020-5215","cweIds":["CWE-754","CWE-20"],"cvssScore":"5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00232,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}