First published: Fri Mar 24 2023(Updated: )
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google TensorFlow | <2.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this TensorFlow vulnerability is CVE-2023-25672.
The severity of CVE-2023-25672 is high with a CVSS score of 7.5.
The affected software for CVE-2023-25672 is Google TensorFlow up to version 2.12.0.
You can fix CVE-2023-25672 by updating TensorFlow to version 2.11.1 or later.
You can find more information about CVE-2023-25672 in the references provided: [GitHub Commit](https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69) and [GitHub Security Advisories](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r).