PT-2023-20219 · Google · Tensorflow

Dengyinlin · Published 2023-03-24 · Updated 2024-03-06 · CVE-2023-25659

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TensorFlow versions prior to 2.12.0 and 2.11.1

Description

The issue arises when the parameter indices for DynamicStitch does not match the shape of the parameter data, potentially triggering a stack OOB read.

Recommendations

For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider validating the shape of the indices and data parameters to ensure they match before using DynamicStitch.
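One way to apply the temporary workaround on unpatched versions, as an added example (not TensorFlow's code and not part of this advisory). It reads "match" as the rule documented for tf.dynamic_stitch, where each data[i] shape must begin with the indices[i] shape and the remaining dimensions agree across all pairs. The helper names are hypothetical, and it assumes fully defined shapes and rectangular nested lists.

```python
# Added example: pre-call shape guard for DynamicStitch inputs.
# Pure Python; works on nested lists or on any object exposing a .shape.

def shape_of(x):
    """Shape as a tuple: uses .shape if present, else walks nested lists."""
    if hasattr(x, "shape"):
        return tuple(int(d) for d in x.shape)  # assumes no unknown dims
    shape = []
    while isinstance(x, (list, tuple)):
        shape.append(len(x))
        if not x:
            break
        x = x[0]  # assumes rectangular nesting
    return tuple(shape)

def check_dynamic_stitch_args(indices, data):
    """Raise ValueError unless indices/data are shape-consistent.

    Returns the shared per-element shape (the part of each data[i]
    shape that follows the indices[i] shape) when the inputs pass.
    """
    if len(indices) != len(data):
        raise ValueError(
            f"{len(indices)} index tensors but {len(data)} data tensors")
    suffix = None
    for i, (idx, dat) in enumerate(zip(indices, data)):
        idx_shape, dat_shape = shape_of(idx), shape_of(dat)
        if dat_shape[:len(idx_shape)] != idx_shape:
            raise ValueError(
                f"pair {i}: data shape {dat_shape} does not start with "
                f"indices shape {idx_shape}")
        rest = dat_shape[len(idx_shape):]
        if suffix is None:
            suffix = rest
        elif rest != suffix:
            raise ValueError(
                f"pair {i}: element shape {rest} differs from {suffix}")
    return suffix

# Constructed sample inputs (not taken from the advisory).
GOOD_INDICES, GOOD_DATA = [[0, 1], [2]], [[10.0, 20.0], [30.0]]
BAD_INDICES, BAD_DATA = [[0, 1, 2]], [[10.0, 20.0]]  # 3 indices, 2 values

if __name__ == "__main__":
    print("good:", check_dynamic_stitch_args(GOOD_INDICES, GOOD_DATA))
    try:
        check_dynamic_stitch_args(BAD_INDICES, BAD_DATA)
    except ValueError as exc:
        print("rejected:", exc)
```

Call the guard immediately before the DynamicStitch op and treat a ValueError as a rejected request; it is a stopgap until the upgrade to 2.12.0 or 2.11.1 is in place.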

Exploit

Fix

Weakness Enumeration

Out of bounds Read

Related Identifiers

AZL-31201
AZL-35305
BIT-TENSORFLOW-2023-25659
CVE-2023-25659
GHSA-93VR-9Q9M-PJ8P

Affected Products

Tensorflow