CVE-2023-33976

TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:06

Type Values Removed Values Added
References () https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec - Patch () https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec - Patch
References () https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 - Patch () https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 - Patch
References () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 - Third Party Advisory () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 - Third Party Advisory

01 Oct 2024, 14:41

Type Values Removed Values Added
CPE cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*
First Time Google tensorflow
Google
References () https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec - () https://github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec - Patch
References () https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 - () https://github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 - Patch
References () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 - () https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 - Third Party Advisory

31 Jul 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) TensorFlow es una plataforma de código abierto de un extremo a otro para el aprendizaje automático. `array_ops.upper_bound` provoca un error de segmentación cuando no se le asigna un tensor de rango 2. La solución se incluirá en TensorFlow 2.13 y también seleccionará esta confirmación en TensorFlow 2.12.

30 Jul 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-30 20:15

Updated : 2024-11-21 08:06


NVD link : CVE-2023-33976

Mitre link : CVE-2023-33976

CVE.ORG link : CVE-2023-33976


JSON object : View

Products Affected

google

  • tensorflow
CWE
CWE-190

Integer Overflow or Wraparound