CVE-2023-27579
First published: Sat Mar 25 2023(Updated: )
TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google TensorFlow | <2.12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-27579?
CVE-2023-27579 is a vulnerability in TensorFlow, an open source platform for machine learning, that allows for a floating point exception (FPE) when constructing a tflite model with a `filter_input_channel` parameter less than 1.
What is the severity of CVE-2023-27579?
The severity of CVE-2023-27579 is high, with a severity value of 7.5.
How does CVE-2023-27579 affect TensorFlow?
CVE-2023-27579 affects TensorFlow versions up to and including 2.12.0.
How can I fix CVE-2023-27579?
To fix CVE-2023-27579, update to TensorFlow version 2.12 or apply the fix commit in TensorFlow 2.11.1.
Where can I find more information about CVE-2023-27579?
You can find more information about CVE-2023-27579 in the GitHub commit (link: https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa) and the TensorFlow security advisories (link: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8).
- collector/nvd-index
- vendor/google
- canonical/google tensorflow