PT-2023-20226 · Google · Tensorflow

Yu Tian

Publicado

2023-03-24

Atualizado

2024-03-06

CVE-2023-25665

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1

Description The issue occurs when SparseSparseMaximum is given invalid sparse tensors as inputs, resulting in a null pointer error. This is a problem in the TensorFlow open source platform for machine learning.

Recommendations For versions prior to 2.12.0, update to TensorFlow version 2.12 or later. For versions prior to 2.11.1, update to TensorFlow version 2.11.1 or later. As a temporary workaround, consider avoiding the use of SparseSparseMaximum with invalid sparse tensors until a patch is applied.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

AZL-31216

AZL-35310

BIT-TENSORFLOW-2023-25665

CVE-2023-25665

GHSA-558H-MQ8X-7Q9G

Produtos afetados

Tensorflow

PT-2023-20226 · Google · Tensorflow

CVE-2023-25665

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11