CVE-2023-25660

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

7.5HIGH

EPSS

0.2%

top 52.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Tensorflow Google Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶PyPItensorflow< 2.11.1

▶PyPItensorflow-cpu< 2.11.1

▶PyPItensorflow-gpu< 2.11.1

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.1.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`↗2023-03-24

▶

GHSA

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`↗2023-03-24

▶

OSV

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`↗2023-03-14

▶

Debian

CVE-2023-25660: tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2....↗2023

▶