PT-2023-20219 · Google · Tensorflow

Dengyinlin · Published 2023-03-24 · Updated 2024-03-06 · CVE-2023-25659

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.12.0 and 2.11.1

Description

The issue arises when the parameter indices for DynamicStitch does not match the shape of the parameter data, potentially triggering a stack OOB read.

Recommendations

For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider validating the shape of the indices and data parameters to ensure they match before using DynamicStitch.
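
One way to apply the temporary workaround, as an added example that is not part of the advisory or of TensorFlow's own fix: a pre-call check that enforces the documented DynamicStitch contract `data[i].shape = indices[i].shape + constant`. The helper names `shape_of` and `validate_dynamic_stitch` are hypothetical, and inputs are assumed to be rectangular nested lists or objects with a fully defined `.shape`.

```python
def shape_of(x):
    """Shape of a tensor-like object (.shape) or a rectangular nested list."""
    if hasattr(x, "shape"):
        return tuple(int(d) for d in x.shape)
    if not isinstance(x, (list, tuple)):
        return ()  # scalar
    if len(x) == 0:
        return (0,)
    inner = {shape_of(e) for e in x}
    if len(inner) != 1:
        raise ValueError("ragged input has no well-defined shape")
    return (len(x),) + inner.pop()


def validate_dynamic_stitch(indices, data):
    """Raise ValueError unless data[i].shape == indices[i].shape + constant.

    Returns the shared trailing ("constant") shape on success, so the caller
    can hand the same lists to DynamicStitch afterwards.
    """
    if len(indices) != len(data):
        raise ValueError(
            f"{len(indices)} index tensors but {len(data)} data tensors")
    constant = None
    for i, (idx, dat) in enumerate(zip(indices, data)):
        idx_shape, dat_shape = shape_of(idx), shape_of(dat)
        rank = len(idx_shape)
        # The leading dimensions of data[i] must equal indices[i].shape.
        if dat_shape[:rank] != idx_shape:
            raise ValueError(
                f"pair {i}: data shape {dat_shape} does not start with "
                f"indices shape {idx_shape}")
        # The remaining dimensions must be identical for every pair.
        tail = dat_shape[rank:]
        if constant is None:
            constant = tail
        elif tail != constant:
            raise ValueError(
                f"pair {i}: trailing shape {tail} differs from {constant}")
    return constant


# Constructed sample input: two index/data pairs with matching shapes.
ok_indices = [[0, 1], [2]]
ok_data = [[[1, 2], [3, 4]], [[5, 6]]]
print(validate_dynamic_stitch(ok_indices, ok_data))
```

Rejecting the call when this check raises keeps mismatched inputs away from the affected kernel until the upgrade to 2.12.0 or 2.11.1 is in place.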

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related identifiers

AZL-31201
AZL-35305
BIT-TENSORFLOW-2023-25659
CVE-2023-25659
GHSA-93VR-9Q9M-PJ8P

Affected products

Tensorflow