CVE-2020-26269

7.5 HIGH

📋 TL;DR

This CVE describes an out-of-bounds memory access vulnerability in TensorFlow's file path globbing implementation. Attackers could potentially read or write memory beyond allocated bounds, leading to crashes or arbitrary code execution. Only TensorFlow 2.4 release candidates and master branch development versions are affected.

💻 Affected Systems

Products:
  • TensorFlow
Versions: 2.4.0rc* (release candidates only), master branch development versions
Operating Systems: All platforms running affected TensorFlow versions
Default Config Vulnerable: ⚠️ Yes
Notes: Only release candidate versions of 2.4.0 are affected. Final 2.4.0 release and all other versions are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠 Likely Case

Application crash (denial of service) or memory corruption leading to unstable behavior.

🟢 If Mitigated

No impact if a patched version is used or vulnerable versions are not deployed.

🌐 Internet-Facing: MEDIUM - Requires specific TensorFlow functionality to be exposed and exploitable via path globbing operations.
🏢 Internal Only: LOW - Typically TensorFlow is used in ML pipelines rather than directly exposed services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires triggering the vulnerable path globbing functionality with specific inputs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.4.0 (final release)

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw

Restart Required: Yes

Instructions:

1. Upgrade to TensorFlow 2.4.0 or later.
2. Run 'pip install --upgrade tensorflow' or the equivalent for your package manager.
3. Restart all TensorFlow-dependent services.

🔧 Temporary Workarounds

Downgrade to stable version (Platforms: all)

Revert to TensorFlow 2.3.x or an earlier stable version:

pip install tensorflow==2.3.0

Disable parallel globbing (Platforms: all)

Avoid using the GetMatchingPaths functionality if possible.

🧯 If You Can't Patch

  • Isolate TensorFlow services in restricted network segments
  • Implement strict input validation for path operations

🔍 How to Verify

Check if Vulnerable:

Check the TensorFlow version with 'python -c "import tensorflow as tf; print(tf.__version__)"'. If the output starts with '2.4.0rc', you are running an affected release candidate.

Check Version:

python -c "import tensorflow as tf; print(tf.__version__)"

Verify Fix Applied:

After upgrade, verify version is '2.4.0' or higher (not containing 'rc').
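The version checks above can be folded into one script that classifies a version string against the affected range this advisory states (2.4.0rc* release candidates and master-branch development builds). The following is an added example, not code from the advisory or from the TensorFlow project; it assumes the TensorFlow version grammar MAJOR.MINOR.PATCH with an optional "rcN" tag and an optional "-devYYYYMMDD" nightly tag, and it deliberately reports nightly builds as undetermined because their version string alone does not reveal whether they predate the fix.

```python
import re
from typing import Optional

# Assumed TensorFlow version grammar: MAJOR.MINOR.PATCH, optionally followed by
# an "rcN" pre-release tag and/or a "-devYYYYMMDD" nightly (master-branch) tag.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:rc(\d+))?(?:-dev(\d{8}))?$")

# Status values returned by classify_version().
AFFECTED = "affected"          # 2.4.0rc* release candidate (affected per advisory)
FIXED = "fixed"                # 2.4.0 final or any later release
NOT_AFFECTED = "not_affected"  # 2.3.x and earlier stable releases
DEV_UNKNOWN = "dev_unknown"    # master/nightly build: fix state not derivable from version
UNPARSEABLE = "unparseable"    # string does not match the assumed grammar


def classify_version(version: str) -> str:
    """Map a TensorFlow version string to its CVE-2020-26269 status.

    Only the affected range stated in the advisory is encoded: release
    candidates 2.4.0rc* are affected, 2.4.0 final and later are fixed, and
    older stable releases are not affected. A "-dev" build is reported as
    DEV_UNKNOWN so the operator checks it against the advisory manually.
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        return UNPARSEABLE
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    rc, dev = m.group(4), m.group(5)
    if dev is not None:
        return DEV_UNKNOWN
    if (major, minor, patch) == (2, 4, 0):
        return AFFECTED if rc is not None else FIXED
    if (major, minor, patch) > (2, 4, 0):
        return FIXED
    return NOT_AFFECTED


def installed_tensorflow_version() -> Optional[str]:
    """Return the TensorFlow version installed in this interpreter, or None."""
    try:
        import tensorflow as tf  # heavy import, so only attempted on demand
    except ImportError:
        return None
    return tf.__version__


def check_installed() -> str:
    """Classify the installed TensorFlow; report when none is installed."""
    version = installed_tensorflow_version()
    if version is None:
        return "tensorflow not installed"
    return f"{version}: {classify_version(version)}"


if __name__ == "__main__":
    print(check_installed())
```

Run it inside the same interpreter or virtual environment that the TensorFlow-dependent service uses, since a host may carry several Python environments with different TensorFlow versions; a result of "dev_unknown" means the build came from master and must be compared against the advisory's fix commit rather than trusted on its version number.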

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow crashes with memory access violations
  • Segmentation faults in TensorFlow processes

Network Indicators:

  • Unusual file path patterns being sent to TensorFlow services

SIEM Query:

process_name:tensorflow AND (event_id:1000 OR exception_code:0xc0000005)
