PT-2023-20230 · Google · Tensorflow

R3Pwnx

Published

2023-03-24

Updated

2024-03-06

CVE-2023-25669

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 and 2.11.1

Description The issue arises when the stride and window size are not positive for tf.raw ops.AvgPoolGrad, potentially causing a floating point exception.

Recommendations For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider validating the stride and window size to ensure they are positive before using tf.raw ops.AvgPoolGrad.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697

Related Identifiers

AZL-31207

AZL-35314

BIT-TENSORFLOW-2023-25669

CVE-2023-25669

GHSA-RCF8-G8JV-VG6P

Affected Products

Tensorflow

PT-2023-20230 · Google · Tensorflow

CVE-2023-25669

Weakness Enumeration

Related Identifiers

Affected Products

References · 12