## TFSA-2020-001: Segmentation fault when converting a Python string to `tf.float16`

### CVE Number

CVE-2020-5215

### Issue Description

Converting a string (from Python) to a `tf.float16` value results in a
segmentation fault in eager mode as the format checks for this use case are only
in the graph mode.

### Impact

This issue can lead to denial of service in inference/training where a malicious
attacker can send a data point which contains a string instead of a `tf.float16`
value.

Similar effects can be obtained by manipulating saved models and checkpoints
whereby replacing a scalar `tf.float16` value with a scalar string will trigger
this issue due to automatic conversions.

This can be easily reproduced by `tf.constant("hello", tf.float16)`, if eager
execution is enabled.

### Vulnerable Versions

TensorFlow 1.12.0, 1.12.1, 1.12.2, 1.12.3, 1.13.0, 1.13.1, 1.13.2, 1.14.0,
1.15.0, 2.0.0.

### Mitigation

We have patched the vulnerability in GitHub commit
[5ac1b9](https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf).

We are additionally releasing TensorFlow 1.15.2 and 2.0.1 with this
vulnerability patched.

TensorFlow 2.1.0 was released after we fixed the issue, thus it is not affected.

We encourage users to switch to TensorFlow 1.15.2, 2.0.1 or 2.1.0.
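
A defender-side check to go with the mitigation above, added here as an example and not part of the TensorFlow advisory or code base: it flags the affected releases listed on this page and rejects string leaves in a data point before it reaches a `tf.float16` conversion. The function names are hypothetical, and it assumes data points arrive as plain Python numbers or nested lists/tuples.

```python
import numbers

# Affected releases, copied from the "Vulnerable Versions" list in this advisory.
VULNERABLE_VERSIONS = frozenset({
    "1.12.0", "1.12.1", "1.12.2", "1.12.3",
    "1.13.0", "1.13.1", "1.13.2",
    "1.14.0", "1.15.0", "2.0.0",
})


def is_vulnerable(version):
    """True if `version` (e.g. tf.__version__) is listed as affected."""
    return version.strip() in VULNERABLE_VERSIONS


def find_non_numeric(value, path="input"):
    """Return (path, offending leaf) for the first non-numeric leaf, or None."""
    if isinstance(value, (str, bytes, bytearray)):
        return path, value
    if isinstance(value, (list, tuple)):
        for i, item in enumerate(value):
            hit = find_non_numeric(item, f"{path}[{i}]")
            if hit is not None:
                return hit
        return None
    if isinstance(value, numbers.Real):
        return None
    return path, value  # unknown type: reject rather than rely on auto-conversion


def checked_float16_input(value):
    """Raise ValueError instead of letting a string reach the float16 conversion."""
    hit = find_non_numeric(value)
    if hit is not None:
        where, leaf = hit
        raise ValueError(f"{where}: expected a number, got {type(leaf).__name__}")
    return value


if __name__ == "__main__":
    # Constructed sample data points, as a serving endpoint might receive them.
    for sample in ([0.5, 1.25], [[0.1, "hello"], [2, 3]]):
        try:
            checked_float16_input(sample)
            print("ok      ", sample)
        except ValueError as err:
            print("rejected", err)
    print("2.0.0 affected:", is_vulnerable("2.0.0"))
    print("2.0.1 affected:", is_vulnerable("2.0.1"))
```

Call `is_vulnerable(tf.__version__)` at service start-up and `checked_float16_input(x)` before `tf.constant(x, tf.float16)` on deployments that cannot be upgraded immediately.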