CVE-2023-25670 — NULL Pointer Dereference in Tensorflow

CWE-476 — NULL Pointer Dereference6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 52.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

▶PyPIintel/optimization_for_tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize↗2023-03-24

▶

OSV

TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize↗2023-03-24

▶

CVEList

TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize↗2023-03-14

▶

Debian

CVE-2023-25670: tensorflow - TensorFlow is an open source platform for machine learning. Versions prior to 2....↗2023

▶