CVE-2023-25659
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| tensorflow | tensorflow | < 2.11.1 | affected |
Weaknesses
- CWE-125: CWE-125: Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
- https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-93vr-9q9m-pj8p
- https://github.com/tensorflow/tensorflow/commit/ee004b18b976eeb5a758020af8880236cd707d05
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.