First published: Fri Mar 24 2023
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google TensorFlow | <2.12.0 |
CVE-2023-25675 is a vulnerability in TensorFlow, an open source machine learning platform, that occurs when running versions prior to 2.12.0 and 2.11.1 with XLA.
CVE-2023-25675 has a severity rating of 7.5 (high).
CVE-2023-25675 affects TensorFlow versions prior to 2.12.0 and 2.11.1 with XLA.
To fix CVE-2023-25675, upgrade TensorFlow to version 2.12.0 or 2.11.1.
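A pre-flight check built from the two facts stated above: the fixed releases are 2.11.1 and 2.12.0, and `weights` must have the same shape as `arr` or be a length-0 tensor. This is an added example, not TensorFlow's own code; the function names, the reading of "length-0" as shape `(0,)`, the treatment of pre-releases as unfixed, and the sample inputs are assumptions.

```python
import re

# Releases the advisory names as containing the fix.
FIXED_RELEASES = {(2, 11, 1), (2, 12, 0)}


def parse_version(version):
    """Return ((major, minor, patch), is_prerelease) for e.g. '2.12.0rc0'."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(.*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(part) for part in m.groups()[:3])
    # Local build tags such as '+cpu' are not pre-releases.
    is_pre = bool(re.match(r"[-.]?(a|b|rc|dev)", m.group(4)))
    return release, is_pre


def is_affected(version):
    """True if this TensorFlow version predates the fix."""
    release, is_pre = parse_version(version)
    # Assumption: a pre-release of a fixed version counts as "prior to" it.
    if is_pre and release in FIXED_RELEASES:
        return True
    # Assumption: 2.11.x patch releases after 2.11.1 keep the fix.
    return release < (2, 11, 1)


def weights_shape_ok(arr_shape, weights_shape):
    """Advisory precondition: weights matches arr, or is length-0.

    Assumption: 'length-0' is read strictly as shape (0,).
    """
    arr_shape, weights_shape = tuple(arr_shape), tuple(weights_shape)
    return weights_shape == arr_shape or weights_shape == (0,)


def preflight(version, arr_shape, weights_shape, xla=True):
    """Classify a planned tf.raw_ops.Bincount call before it runs."""
    if weights_shape_ok(arr_shape, weights_shape):
        return "ok"
    # Malformed weights: a crash risk only on unfixed versions with XLA.
    if xla and is_affected(version):
        return "crash-risk"
    return "invalid-input"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the advisory.
    for ver in ("2.10.1", "2.11.0", "2.11.1", "2.12.0rc0", "2.12.0"):
        print(ver, preflight(ver, arr_shape=(4,), weights_shape=(2,)))
```

Unlike a plain `<2.12.0` comparison, `is_affected` treats 2.11.1 as fixed, matching the two fixed releases the advisory names.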
You can find more information about CVE-2023-25675 in the following references: [fix commit 8ae76cf](https://github.com/tensorflow/tensorflow/commit/8ae76cf085f4be26295d2ecf2081e759e04b8acf), [GitHub security advisory GHSA-7x4v-9gxg-9hwj](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj).