CVE-2023-25669

CWE-6976 documents6 sources

Severity

7.5HIGH

EPSS

0.2%

top 57.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Tensorflow Google Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶PyPItensorflow< 2.11.1

▶PyPItensorflow-cpu< 2.11.1

▶PyPItensorflow-gpu< 2.11.1

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA↗2023-03-24

▶

CVEList

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA↗2023-03-24

▶

GHSA

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow has Floating Point Exception in AvgPoolGrad with XLA↗2023-03-14

▶

Debian

CVE-2023-25669: tensorflow - TensorFlow is an open source platform for machine learning. Prior to versions 2....↗2023

▶