CVE-2023-25664 — Classic Buffer Overflow in Tensorflow

CWE-120 — Classic Buffer Overflow CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

9.8CRITICALNVD

CNA7.5

EPSS

0.1%

top 74.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

▶PyPIintel/optimization_for_tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

TensorFlow has Heap-buffer-overflow in AvgPoolGrad↗2023-03-24

▶

CVEList

TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad↗2023-03-24

▶

OSV

TensorFlow has Heap-buffer-overflow in AvgPoolGrad↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad↗2023-03-14

▶

Debian

CVE-2023-25664: tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2....↗2023

▶