CVE-2023-25675
First published: Sat Mar 25 2023(Updated: )
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-25675?
CVE-2023-25675 is a vulnerability in TensorFlow, an open source machine learning platform, that occurs when running versions prior to 2.12.0 and 2.11.1 with XLA.
What is the severity of CVE-2023-25675?
CVE-2023-25675 has a severity rating of 7.5 (high).
How does CVE-2023-25675 affect TensorFlow?
CVE-2023-25675 affects TensorFlow versions prior to 2.12.0 and 2.11.1 with XLA.
How can I fix CVE-2023-25675?
To fix CVE-2023-25675, upgrade TensorFlow to version 2.12.0 or 2.11.1.
Where can I find more information about CVE-2023-25675?
You can find more information about CVE-2023-25675 in the following references: [Link 1](https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf), [Link 2](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj).
- collector/nvd-index
- agent/type
- vendor/google
- canonical/google tensorflow