CVE-2023-25668
First published: Sat Mar 25 2023(Updated: )
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-25668?
CVE-2023-25668 is a vulnerability in TensorFlow, an open source platform for machine learning, that allows attackers to access heap memory not controlled by users, leading to a crash or remote code execution.
What is the severity of CVE-2023-25668?
CVE-2023-25668 has a severity of 9.8 (critical).
How does CVE-2023-25668 impact TensorFlow?
CVE-2023-25668 allows attackers using Tensorflow prior to version 2.12.0 to access heap memory, potentially resulting in a crash or remote code execution.
How can I fix CVE-2023-25668?
To fix CVE-2023-25668, update TensorFlow to version 2.12.0 or later.
Are there any references related to CVE-2023-25668?
Yes, you can find more information about CVE-2023-25668 at the following references: [Reference 1](https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb) and [Reference 2](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96).
- collector/nvd-index
- vendor/google
- canonical/google tensorflow