CVE-2023-25672

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.11.1 TensorFlow versions prior to 2.12.0

Description The function tf.raw ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives a Null Pointer Exception (NPE). TensorFlow is an open source platform for machine learning.

Recommendations For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. For versions prior to 2.12.0, update to version 2.12.0 to resolve the issue. As a temporary workaround, consider avoiding the use of scalars in the values parameter of the tf.raw ops.LookupTableImportV2 function until a patch is applied.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

AZL-31210

AZL-35317

BIT-TENSORFLOW-2023-25672

CVE-2023-25672

GHSA-94MM-G2MV-8P7R

Affected Products

Tensorflow

CVE-2023-25672

Weakness Enumeration

Related Identifiers

Affected Products

References · 13