PT-2023-20235 · Google · Tensorflow

R3Pwnx

Publicado

2023-03-24

Atualizado

2024-03-06

CVE-2023-25673

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1

Description TensorFlow is an open source platform for machine learning. The issue is related to a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of tf.raw ops.TensorListSplit with vulnerable parameters, such as element shape set to -1 and lengths set to [0], until a patch is applied.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-697

Identificadores relacionados

AZL-31213

AZL-35318

BIT-TENSORFLOW-2023-25673

CVE-2023-25673

GHSA-647V-R7QQ-24FH

Produtos afetados

Tensorflow

PT-2023-20235 · Google · Tensorflow

CVE-2023-25673

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13