CVE-2023-25671 — Out-of-bounds Write in Tensorflow

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 45.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

▶PyPIintel/optimization_for_tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

TensorFlow has segmentation fault in tfg-translate↗2023-03-24

▶

CVEList

TensorFlow has segmentation fault in tfg-translate↗2023-03-24

▶

GHSA

TensorFlow has segmentation fault in tfg-translate↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow has segmentation fault in tfg-translate↗2023-03-14

▶

Debian

CVE-2023-25671: tensorflow - TensorFlow is an open source platform for machine learning. There is out-of-boun...↗2023

▶