{"data":{"id":"6c0bec16-fee8-40ab-afaa-3735d185c2b7","title":"CVE-2020-15214: In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentati","summary":"TensorFlow Lite versions before 2.2.1 and 2.3.1 have a bug where the segment sum operation (a function that groups and sums data) crashes or causes memory corruption if the segment IDs (labels that organize the data) are not sorted in increasing order. The code incorrectly assumes the IDs are sorted, so it allocates too little memory, leading to a segmentation fault (a crash caused by accessing memory it shouldn't).","solution":"Upgrade to TensorFlow Lite version 2.2.1 or 2.3.1. As a partial workaround for cases where segment IDs are stored in the model file, add a custom Verifier to the model loading code to check that segment IDs are sorted; however, this workaround does not work if segment IDs are generated during inference (when the model is running), in which case upgrading to patched code is necessary.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2020-15214","publishedAt":"2020-09-25T23:15:16.713Z","cveId":"CVE-2020-15214","cweIds":["CWE-787"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow","TensorFlow Lite"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00261,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}