CVE-2023-25675 — Incorrect Comparison in Tensorflow

CWE-697 — Incorrect Comparison6 documents6 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 57.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

3

Tensorflow Google Tensorflow Intel Optimization FOR Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

▶PyPIintel/optimization_for_tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

3

GHSA

TensorFlow has Segfault in Bincount with XLA↗2023-03-24

▶

OSV

TensorFlow has Segfault in Bincount with XLA↗2023-03-24

▶

CVEList

TensorFlow has Segfault in Bincount with XLA↗2023-03-24

▶

📋Vendor Advisories

2

Microsoft

TensorFlow has Segfault in Bincount with XLA↗2023-03-14

▶

Debian

CVE-2023-25675: tensorflow - TensorFlow is an open source machine learning platform. When running versions pr...↗2023

▶

CVE-2023-25675 — Incorrect Comparison in Tensorflow | cvebase