PT-2023-20230 · Google · Tensorflow

R3Pwnx

Publicado

2023-03-24

Atualizado

2024-03-06

CVE-2023-25669

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 and 2.11.1

Description The issue arises when the stride and window size are not positive for tf.raw ops.AvgPoolGrad, potentially causing a floating point exception.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider validating the stride and window size to ensure they are positive before using tf.raw ops.AvgPoolGrad.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-697

Identificadores relacionados

AZL-31207

AZL-35314

BIT-TENSORFLOW-2023-25669

CVE-2023-25669

GHSA-RCF8-G8JV-VG6P

Produtos afetados

Tensorflow

PT-2023-20230 · Google · Tensorflow

CVE-2023-25669

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12