CVE-2023-25663

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 and 2.11.1

Description The issue occurs when ctx->step containter() is a null pointer, causing the Lookup function to be executed with a null pointer. This can be triggered in certain scenarios, such as when using the tf.raw ops.TensorArrayConcatV2 function with specific parameters, including handle, flow in, dtype, and element shape except0. The estimated number of potentially affected devices worldwide is not specified.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the tf.raw ops.TensorArrayConcatV2 function with a null ctx->step containter() until a patch is applied.