Search criteria
802 vulnerabilities found for tensorflow by tensorflow
CVE-2023-33976 (GCVE-0-2023-33976)
Vulnerability from cvelistv5 – Published: 2024-07-30 19:27 – Updated: 2024-08-02 15:54
VLAI?
Summary
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T20:13:44.817399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:14:02.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:27:14.532Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"
}
],
"source": {
"advisory": "GHSA-gjh7-xx4r-x345",
"discovery": "UNKNOWN"
},
"title": "TensorFlow segfault in array_ops.upper_bound"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33976",
"datePublished": "2024-07-30T19:27:14.532Z",
"dateReserved": "2023-05-24T13:46:35.955Z",
"dateUpdated": "2024-08-02T15:54:14.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25661 (GCVE-0-2023-25661)
Vulnerability from cvelistv5 – Published: 2023-03-27 19:52 – Updated: 2025-02-19 15:26
VLAI?
Summary
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25661",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:25:34.132307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:26:33.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T19:52:07.826Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2"
}
],
"source": {
"advisory": "GHSA-fxgc-95xx-grvq",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in TensorFlow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25661",
"datePublished": "2023-03-27T19:52:07.826Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T15:26:33.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25660 (GCVE-0-2023-25660)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:44 – Updated: 2025-02-19 20:30
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:30:06.336761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:30:18.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray\u003cbool\u003e` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:44:30.233Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"
}
],
"source": {
"advisory": "GHSA-qjqc-vqcf-5qvj",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25660",
"datePublished": "2023-03-24T23:44:30.233Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:30:18.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25659 (GCVE-0-2023-25659)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:43 – Updated: 2025-02-19 20:34
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:34:25.900748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:34:37.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:43:26.319Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"
}
],
"source": {
"advisory": "GHSA-93vr-9q9m-pj8p",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25659",
"datePublished": "2023-03-24T23:43:26.319Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:34:37.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25658 (GCVE-0-2023-25658)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:42 – Updated: 2025-02-19 20:13
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:13:25.604996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:13:29.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:42:46.482Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"
}
],
"source": {
"advisory": "GHSA-68v3-g9cm-rmm6",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25658",
"datePublished": "2023-03-24T23:42:46.482Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:13:29.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25662 (GCVE-0-2023-25662)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:41 – Updated: 2025-02-19 20:37
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:37:26.484915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:37:37.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:41:15.425Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"
}
],
"source": {
"advisory": "GHSA-7jvm-xxmr-v5cw",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to integer overflow in EditDistance"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25662",
"datePublished": "2023-03-24T23:41:15.425Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:37:37.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25663 (GCVE-0-2023-25663)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:38
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:38:12.185963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:38:24.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx-\u003estep_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:59.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"
}
],
"source": {
"advisory": "GHSA-64jg-wjww-7c5w",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in TensorArrayConcatV2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25663",
"datePublished": "2023-03-24T23:40:59.362Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:38:24.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25664 (GCVE-0-2023-25664)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:39
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:38:56.264017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:39:09.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:40.590Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"
}
],
"source": {
"advisory": "GHSA-6hg6-5c2q-7rcr",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25664",
"datePublished": "2023-03-24T23:40:40.590Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:39:09.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25667 (GCVE-0-2023-25667)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:39
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
6.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:39:37.472760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:39:52.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 \u003c= num_frames * height * width * channels \u003c 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:20.893Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"
}
],
"source": {
"advisory": "GHSA-fqm2-gh8w-gr68",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to segfault when opening multiframe gif"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25667",
"datePublished": "2023-03-24T23:40:20.893Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:39:52.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25666 (GCVE-0-2023-25666)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:39 – Updated: 2025-02-19 20:40
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:40:27.852600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:40:39.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:39:55.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"
}
],
"source": {
"advisory": "GHSA-f637-vh3r-vfh2",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Floating Point Exception in AudioSpectrogram "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25666",
"datePublished": "2023-03-24T23:39:55.696Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:40:39.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25665 (GCVE-0-2023-25665)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:39 – Updated: 2025-02-19 20:31
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:30:58.928514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:31:10.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:39:26.921Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"
}
],
"source": {
"advisory": "GHSA-558h-mq8x-7q9g",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in SparseSparseMaximum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25665",
"datePublished": "2023-03-24T23:39:26.921Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:31:10.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25668 (GCVE-0-2023-25668)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:33 – Updated: 2025-02-19 20:32
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:32:32.556614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:32:48.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:33:50.296Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"
}
],
"source": {
"advisory": "GHSA-gw97-ff7c-9v96",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25668",
"datePublished": "2023-03-24T23:33:50.296Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:32:48.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25669 (GCVE-0-2023-25669)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:32 – Updated: 2025-02-19 20:33
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:33:22.992564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:33:36.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:32:57.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"
}
],
"source": {
"advisory": "GHSA-rcf8-g8jv-vg6p",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Floating Point Exception in AvgPoolGrad with XLA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25669",
"datePublished": "2023-03-24T23:32:57.394Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:33:36.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25670 (GCVE-0-2023-25670)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:32 – Updated: 2025-02-19 20:41
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:41:15.488644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:41:24.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:32:12.780Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"
}
],
"source": {
"advisory": "GHSA-49rq-hwc3-x77w",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25670",
"datePublished": "2023-03-24T23:32:12.780Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:41:24.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25671 (GCVE-0-2023-25671)
Vulnerability from cvelistv5 – Published: 2023-03-24 23:31 – Updated: 2025-02-19 20:42
VLAI?
Summary
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:42:11.368861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:42:24.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:31:40.731Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938"
}
],
"source": {
"advisory": "GHSA-j5w9-hmfh-4cr6",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has segmentation fault in tfg-translate "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25671",
"datePublished": "2023-03-24T23:31:40.731Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:42:24.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-33976 (GCVE-0-2023-33976)
Vulnerability from nvd – Published: 2024-07-30 19:27 – Updated: 2024-08-02 15:54
VLAI?
Summary
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.13.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-33976",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T20:13:44.817399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T20:14:02.779Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:54:14.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-30T19:27:14.532Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586"
}
],
"source": {
"advisory": "GHSA-gjh7-xx4r-x345",
"discovery": "UNKNOWN"
},
"title": "TensorFlow segfault in array_ops.upper_bound"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-33976",
"datePublished": "2024-07-30T19:27:14.532Z",
"dateReserved": "2023-05-24T13:46:35.955Z",
"dateUpdated": "2024-08-02T15:54:14.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25661 (GCVE-0-2023-25661)
Vulnerability from nvd – Published: 2023-03-27 19:52 – Updated: 2025-02-19 15:26
VLAI?
Summary
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.
Severity ?
6.5 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25661",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T15:25:34.132307Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T15:26:33.556Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-27T19:52:07.826Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2"
}
],
"source": {
"advisory": "GHSA-fxgc-95xx-grvq",
"discovery": "UNKNOWN"
},
"title": "Denial of Service in TensorFlow"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25661",
"datePublished": "2023-03-27T19:52:07.826Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T15:26:33.556Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25660 (GCVE-0-2023-25660)
Vulnerability from nvd – Published: 2023-03-24 23:44 – Updated: 2025-02-19 20:30
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.349Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:30:06.336761Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:30:18.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray\u003cbool\u003e` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:44:30.233Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1"
}
],
"source": {
"advisory": "GHSA-qjqc-vqcf-5qvj",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25660",
"datePublished": "2023-03-24T23:44:30.233Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:30:18.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25659 (GCVE-0-2023-25659)
Vulnerability from nvd – Published: 2023-03-24 23:43 – Updated: 2025-02-19 20:34
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:34:25.900748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:34:37.363Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:43:26.319Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05"
}
],
"source": {
"advisory": "GHSA-93vr-9q9m-pj8p",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25659",
"datePublished": "2023-03-24T23:43:26.319Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:34:37.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25658 (GCVE-0-2023-25658)
Vulnerability from nvd – Published: 2023-03-24 23:42 – Updated: 2025-02-19 20:13
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.407Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:13:25.604996Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:13:29.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:42:46.482Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-68v3-g9cm-rmm6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ff459137c2716a2a60f7d441b855fcb466d778cb"
}
],
"source": {
"advisory": "GHSA-68v3-g9cm-rmm6",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25658",
"datePublished": "2023-03-24T23:42:46.482Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:13:29.872Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25662 (GCVE-0-2023-25662)
Vulnerability from nvd – Published: 2023-03-24 23:41 – Updated: 2025-02-19 20:37
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25662",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:37:26.484915Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:37:37.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:41:15.425Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c"
}
],
"source": {
"advisory": "GHSA-7jvm-xxmr-v5cw",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to integer overflow in EditDistance"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25662",
"datePublished": "2023-03-24T23:41:15.425Z",
"dateReserved": "2023-02-09T20:58:21.857Z",
"dateUpdated": "2025-02-19T20:37:37.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25663 (GCVE-0-2023-25663)
Vulnerability from nvd – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:38
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25663",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:38:12.185963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:38:24.943Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx-\u003estep_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:59.362Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538a"
}
],
"source": {
"advisory": "GHSA-64jg-wjww-7c5w",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in TensorArrayConcatV2"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25663",
"datePublished": "2023-03-24T23:40:59.362Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:38:24.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25664 (GCVE-0-2023-25664)
Vulnerability from nvd – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:39
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Severity ?
7.5 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25664",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:38:56.264017Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:39:09.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:40.590Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b"
}
],
"source": {
"advisory": "GHSA-6hg6-5c2q-7rcr",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25664",
"datePublished": "2023-03-24T23:40:40.590Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:39:09.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25667 (GCVE-0-2023-25667)
Vulnerability from nvd – Published: 2023-03-24 23:40 – Updated: 2025-02-19 20:39
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
6.5 (Medium)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:39:37.472760Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:39:52.657Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 \u003c= num_frames * height * width * channels \u003c 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:40:20.893Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8dc723fcdd1a6127d6c970bd2ecb18b019a1a58d"
}
],
"source": {
"advisory": "GHSA-fqm2-gh8w-gr68",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to segfault when opening multiframe gif"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25667",
"datePublished": "2023-03-24T23:40:20.893Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:39:52.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25666 (GCVE-0-2023-25666)
Vulnerability from nvd – Published: 2023-03-24 23:39 – Updated: 2025-02-19 20:40
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.261Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25666",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:40:27.852600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:40:39.166Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:39:55.696Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f637-vh3r-vfh2"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/d0d4e779da0d0f56499c6fa5ba09f0a576cc6b14"
}
],
"source": {
"advisory": "GHSA-f637-vh3r-vfh2",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Floating Point Exception in AudioSpectrogram "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25666",
"datePublished": "2023-03-24T23:39:55.696Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:40:39.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25665 (GCVE-0-2023-25665)
Vulnerability from nvd – Published: 2023-03-24 23:39 – Updated: 2025-02-19 20:31
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25665",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:30:58.928514Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:31:10.311Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:39:26.921Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04"
}
],
"source": {
"advisory": "GHSA-558h-mq8x-7q9g",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in SparseSparseMaximum"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25665",
"datePublished": "2023-03-24T23:39:26.921Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:31:10.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25668 (GCVE-0-2023-25668)
Vulnerability from nvd – Published: 2023-03-24 23:33 – Updated: 2025-02-19 20:32
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Severity ?
9.8 (Critical)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:32:32.556614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:32:48.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:33:50.296Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb"
}
],
"source": {
"advisory": "GHSA-gw97-ff7c-9v96",
"discovery": "UNKNOWN"
},
"title": "TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25668",
"datePublished": "2023-03-24T23:33:50.296Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:32:48.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25669 (GCVE-0-2023-25669)
Vulnerability from nvd – Published: 2023-03-24 23:32 – Updated: 2025-02-19 20:33
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-697 - Incorrect Comparison
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:33:22.992564Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:33:36.588Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-697",
"description": "CWE-697: Incorrect Comparison",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:32:57.394Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d"
}
],
"source": {
"advisory": "GHSA-rcf8-g8jv-vg6p",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Floating Point Exception in AvgPoolGrad with XLA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25669",
"datePublished": "2023-03-24T23:32:57.394Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:33:36.588Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25670 (GCVE-0-2023-25670)
Vulnerability from nvd – Published: 2023-03-24 23:32 – Updated: 2025-02-19 20:41
VLAI?
Summary
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.265Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:41:15.488644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:41:24.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:32:12.780Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/8a47a39d9697969206d23a523c977238717e8727"
}
],
"source": {
"advisory": "GHSA-49rq-hwc3-x77w",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25670",
"datePublished": "2023-03-24T23:32:12.780Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:41:24.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25671 (GCVE-0-2023-25671)
Vulnerability from nvd – Published: 2023-03-24 23:31 – Updated: 2025-02-19 20:42
VLAI?
Summary
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| tensorflow | tensorflow |
Affected:
< 2.11.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T20:42:11.368861Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T20:42:24.351Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "tensorflow",
"vendor": "tensorflow",
"versions": [
{
"status": "affected",
"version": "\u003c 2.11.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-24T23:31:40.731Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367"
},
{
"name": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938"
}
],
"source": {
"advisory": "GHSA-j5w9-hmfh-4cr6",
"discovery": "UNKNOWN"
},
"title": "TensorFlow has segmentation fault in tfg-translate "
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2023-25671",
"datePublished": "2023-03-24T23:31:40.731Z",
"dateReserved": "2023-02-09T20:58:21.858Z",
"dateUpdated": "2025-02-19T20:42:24.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}