PT-2024-12453 · Google · Tensorflow
Dmc1778 · Published 2024-07-30 · Updated 2024-10-01 · CVE-2023-33976
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.13
TensorFlow versions 2.12 and earlier
Description
The issue is caused by array_ops.upper_bound when not given a rank 2 tensor, resulting in a segfault. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
array_ops.upper_bound causes a segfault when not given a rank 2 tensor.
Recommendations
For TensorFlow versions prior to 2.13, update to version 2.13 or later to resolve the issue.
For TensorFlow versions 2.12 and earlier, update to version 2.12.1 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of array_ops.upper_bound with tensors that are not rank 2 until a patch is available.
Exploit
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Tensorflow
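
The temporary workaround under Recommendations can be enforced in application code with a fail-closed rank check in front of the call. The sketch below is an added example, not code from TensorFlow or from this advisory: `guarded_upper_bound`, `static_rank`, `RankError` and `FakeTensor` are hypothetical names, the op is passed in as a callable so the guard has no TensorFlow dependency, and it assumes both arguments must be rank 2.

```python
class RankError(ValueError):
    """Raised instead of letting a non-rank-2 input reach the native kernel."""


def static_rank(t):
    """Return the statically known rank of `t`, or None when it is unknown."""
    shape = getattr(t, "shape", None)
    if shape is None:
        return None  # plain lists/scalars: convert to a tensor before calling
    # tf.TensorShape exposes .rank (None when unknown); NumPy shapes are tuples.
    if hasattr(shape, "rank"):
        return shape.rank
    try:
        return len(shape)
    except (TypeError, ValueError):
        return None


def guarded_upper_bound(op, sorted_inputs, values, **kwargs):
    """Call `op` only when both inputs have a known static rank of exactly 2.

    `op` is the upper_bound callable the application already uses (assumption:
    it takes sorted_inputs and values as its first two arguments).
    An unknown rank is rejected too, so the check fails closed.
    """
    for name, t in (("sorted_inputs", sorted_inputs), ("values", values)):
        rank = static_rank(t)
        if rank != 2:
            shown = "unknown" if rank is None else rank
            raise RankError(f"{name}: expected rank 2, got rank {shown}")
    return op(sorted_inputs, values, **kwargs)


class FakeTensor:
    """Constructed stand-in for a tensor; only .shape is consulted."""

    def __init__(self, *shape):
        self.shape = shape
```

Inputs whose rank is only known at run time are rejected as well; reshape or validate them upstream before routing them through the guard.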