CVE-2023-25673 — Incorrect Comparison in Tensorflow

CWE-697 — Incorrect Comparison6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

▶PyPIintel/optimization_for_tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

TensorFlow has Floating Point Exception in TensorListSplit with XLA↗2023-03-24

▶

OSV

TensorFlow has Floating Point Exception in TensorListSplit with XLA↗2023-03-24

▶

CVEList

TensorFlow has Floating Point Exception in TensorListSplit with XLA↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow has Floating Point Exception in TensorListSplit with XLA↗2023-03-14

▶

Debian

CVE-2023-25673: tensorflow - TensorFlow is an open source platform for machine learning. Versions prior to 2....↗2023

▶