PT-2023-20227 · Google · Tensorflow
R3Pwnx
·
Published
2023-03-24
·
Updated
2024-03-06
·
CVE-2023-25666
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.12.0 and 2.11.1
Description
The issue is related to a floating point exception in the AudioSpectrogram function. The exception occurs when the stride is set to 0. This can be exploited by passing a
stride value of 0 to the AudioSpectrogram function, which can cause a division by zero error. The vulnerability is present in versions prior to 2.12.0 and 2.11.1.Recommendations
For versions prior to 2.12.0, update to version 2.12.0 or later.
For versions prior to 2.11.1, update to version 2.11.1 or later.
As a temporary workaround, consider avoiding the use of the
AudioSpectrogram function with a stride value of 0 until a patch is applied.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow