First published: Fri Mar 24 2023(Updated: )
TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google TensorFlow | <2.12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-25801.
The severity of CVE-2023-25801 is high with a severity value of 7.8.
The affected software for CVE-2023-25801 is TensorFlow versions up to 2.12.0.
To fix CVE-2023-25801, upgrade to TensorFlow versions 2.12.0 or later and ensure that the first and fourth elements of the parameter 'pooling_ratio' in 'nn_ops.fractional_avg_pool_v2' and 'nn_ops.fractional_max_pool_v2' are equal to 1.0.
You can find more information about CVE-2023-25801 in the following references: [GitHub Commit](https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307), [GitHub Security Advisory](https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q).