PT-2023-20234 · Google · Tensorflow

R3Pwnx

Publicado

2023-03-24

Atualizado

2024-03-06

CVE-2023-25672

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11.1 TensorFlow versions prior to 2.12.0

Description The function tf.raw ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a Null Pointer Exception (NPE). TensorFlow is an open source platform for machine learning.

Recommendations For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. As a temporary workaround, consider avoiding the use of scalars in the values parameter of the tf.raw ops.LookupTableImportV2 function until a patch is applied.

Exploit

Correção

NULL Pointer Dereference

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-476

Identificadores relacionados

AZL-31210

AZL-35317

BIT-TENSORFLOW-2023-25672

CVE-2023-25672

GHSA-94MM-G2MV-8P7R

Produtos afetados

Tensorflow

PT-2023-20234 · Google · Tensorflow

CVE-2023-25672

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13