CRITICAL🇬🇧 English

CVE-2023-25668

CVSS 9.8v3.1pub. 2023-03-25upd. 2024-11-21

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Tensorflow

    APP
    Google
    < 2.12.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2021-37678CRITICAL9.3ten sam produkt

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Ker...

CVE-2021-35958CRITICAL9.1ten sam produkt

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.uti...

CVE-2020-15202CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the...

CVE-2020-15205CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops...

CVE-2020-15206CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` pr...

CVE-2023-25668 — CRITICAL 9.8 | CVEbaza.pl