{"data":{"id":"6128a6fd-36f0-474f-91c3-0aa05161b885","title":"CVE-2020-26271: In affected versions of TensorFlow under certain cases, loading a saved model can result in accessing uninitialized memo","summary":"TensorFlow has a vulnerability where loading a saved model can access uninitialized memory (data that hasn't been set to a known value) when building a computation graph. The bug occurs in the MakeEdge function, which connects parts of a neural network together, because it doesn't verify that array indices are valid before accessing them, potentially allowing attackers to leak memory addresses from the library.","solution":"This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. Users should update to one of these patched versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-26271","publishedAt":"2020-12-11T03:15:12.077Z","cveId":"CVE-2020-26271","cweIds":["CWE-125","CWE-125","CWE-908"],"cvssScore":"4.4","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}