CVE-2023-25801

CWE-4156 documents6 sources

Severity

7.8HIGH

EPSS

0.1%

top 74.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tensorflow Tensorflow Google Tensorflow

Timeline

Latest updateMar 24

PublishedMar 25

Description

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:HExploitability: 2.5 | Impact: 5.5

Affected Packages5 packages

▶PyPItensorflow< 2.11.1

▶PyPItensorflow-cpu< 2.11.1

▶PyPItensorflow-gpu< 2.11.1

▶NVDgoogle/tensorflow< 2.12.0

▶CVEListV5tensorflow/tensorflow< 2.11.1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

TensorFlow has double free in Fractional(Max/Avg)Pool↗2023-03-24

▶

GHSA

TensorFlow has double free in Fractional(Max/Avg)Pool↗2023-03-24

▶

CVEList

TensorFlow has double free in Fractional(Max/Avg)Pool↗2023-03-24

▶

📋Vendor Advisories

Microsoft

TensorFlow has double free in Fractional(Max/Avg)Pool↗2023-03-14

▶

Debian

CVE-2023-25801: tensorflow - TensorFlow is an open source machine learning platform. Prior to versions 2.12.0...↗2023

▶