PT-2023-20237 · Google · Tensorflow
R3Pwnx
·
Publicado
2023-03-24
·
Atualizado
2024-03-06
·
CVE-2023-25675
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.12.0
TensorFlow versions prior to 2.11.1
Description
TensorFlow is an open source machine learning platform. When running with XLA,
tf.raw ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.Recommendations
For versions prior to 2.12.0, update to TensorFlow 2.12.0 to resolve the issue.
For versions prior to 2.11.1, update to TensorFlow 2.11.1 to resolve the issue.
As a temporary workaround, consider avoiding the use of
tf.raw ops.Bincount with XLA when the weights parameter does not match the shape of arr or is not a length-0 tensor.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Tensorflow