AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2020-15193: In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized

highvulnerability

security

Source: NVD/CVE DatabaseSeptember 25, 2020CVE-2020-15193

Summary

TensorFlow versions before 2.2.1 and 2.3.1 have a vulnerability in the `dlpack.to_dlpack` function where it can be tricked into using uninitialized memory (memory that hasn't been set to a known value), leading to further memory corruption. The problem occurs because the code assumes the input is a TensorFlow tensor, but an attacker can pass in a regular Python object instead, causing a faulty type conversion that accesses memory incorrectly.

Solution / Mitigation

Upgrade to TensorFlow version 2.2.1 or 2.3.1, where the issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8.

Vulnerability Details

CVSS Score

7.1(high)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-908 CWE-908

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:38 PM

Classified by LLM (prompt v3) · confidence: 92%