CVE-2023-25668

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:49

Type Values Removed Values Added
References () https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb - Exploit, Patch () https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb - Exploit, Patch
References () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 - Patch () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 - Patch

31 Mar 2023, 14:20

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 - (MISC) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 - Patch
References (MISC) https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb - (MISC) https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb - Exploit, Patch
CPE cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

27 Mar 2023, 12:40

Type Values Removed Values Added
New CVE

Information

Published : 2023-03-25 00:15

Updated : 2024-11-21 07:49


NVD link : CVE-2023-25668

Mitre link : CVE-2023-25668

CVE.ORG link : CVE-2023-25668


JSON object : View

Products Affected

google

  • tensorflow
CWE
CWE-122

Heap-based Buffer Overflow

CWE-125

Out-of-bounds Read