PT-2023-20237 · Google · Tensorflow

R3Pwnx

Published

2023-03-24

Updated

2024-03-06

CVE-2023-25675

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions TensorFlow versions prior to 2.12.0 TensorFlow versions prior to 2.11.1

Description TensorFlow is an open source machine learning platform. When running with XLA, tf.raw ops.Bincount segfaults when given a parameter weights that is neither the same shape as parameter arr nor a length-0 tensor.

Recommendations For versions prior to 2.12.0, update to TensorFlow 2.12.0 to resolve the issue. For versions prior to 2.11.1, update to TensorFlow 2.11.1 to resolve the issue. As a temporary workaround, consider avoiding the use of tf.raw ops.Bincount with XLA when the weights parameter does not match the shape of arr or is not a length-0 tensor.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697

Related Identifiers

AZL-31212

AZL-35320

BIT-TENSORFLOW-2023-25675

CVE-2023-25675

GHSA-7X4V-9GXG-9HWJ

Affected Products

Tensorflow

PT-2023-20237 · Google · Tensorflow

CVE-2023-25675

Weakness Enumeration

Related Identifiers

Affected Products

References · 12