PT-2023-20227 · Google · Tensorflow

R3Pwnx · Published 2023-03-24 · Updated 2024-03-06 · CVE-2023-25666

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.12.0 and 2.11.1

Description

The issue is a floating point exception in the AudioSpectrogram function. The exception occurs when the stride is set to 0: passing a stride value of 0 to AudioSpectrogram can cause a division by zero error. The vulnerability is present in versions prior to 2.12.0 and 2.11.1.

Recommendations

For versions prior to 2.12.0, update to version 2.12.0 or later. For versions prior to 2.11.1, update to version 2.11.1 or later. As a temporary workaround, consider avoiding the use of the AudioSpectrogram function with a stride value of 0 until a patch is applied.

Related identifiers

AZL-31205
AZL-35311
BIT-TENSORFLOW-2023-25666
CVE-2023-25666
GHSA-F637-VH3R-VFH2

Affected products

Tensorflow