CVE-2023-25659

Out-of-bounds Read in pypi/tensorflow

Identifiers

CVE-2023-25659, GHSA-93vr-9q9m-pj8p

Package Slug

pypi/tensorflow

Vulnerability

Out-of-bounds Read

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger a stack out-of-bounds (OOB) read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
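For services that must accept untrusted tensors before they can upgrade, the mismatch described above can be rejected by shape alone. The following is an added example, not part of the advisory or of TensorFlow's code; it assumes the documented DynamicStitch contract (data[i].shape = indices[i].shape + constant), and the function name and sample shapes are hypothetical.

```python
# Added example: shape-only pre-validation of DynamicStitch inputs.
# Assumption: the documented contract data[i].shape == indices[i].shape + constant.
from typing import Optional, Sequence, Tuple

Shape = Tuple[int, ...]


def check_dynamic_stitch_shapes(
    indices_shapes: Sequence[Shape], data_shapes: Sequence[Shape]
) -> Optional[str]:
    """Return None when the shapes satisfy the contract, else a reason string."""
    if len(indices_shapes) != len(data_shapes):
        return "indices and data lists differ in length"
    suffix: Optional[Shape] = None  # the shared trailing "constant" dimensions
    for i, (ishape, dshape) in enumerate(zip(indices_shapes, data_shapes)):
        ishape, dshape = tuple(ishape), tuple(dshape)
        if any(d < 0 for d in ishape + dshape):
            return f"pair {i}: negative dimension"
        # data[i] must begin with exactly the dimensions of indices[i]
        if dshape[: len(ishape)] != ishape:
            return f"pair {i}: data shape {dshape} does not start with indices shape {ishape}"
        rest = dshape[len(ishape):]
        if suffix is None:
            suffix = rest
        elif rest != suffix:
            return f"pair {i}: trailing shape {rest} differs from {suffix}"
    return None


# Constructed sample shapes (not taken from the advisory).
GOOD = ([(2,), (3,)], [(2, 4), (3, 4)])
SCALAR_INDEX = ([()], [(4,)])              # scalar index selecting one row
BAD_PREFIX = ([(5,)], [(2, 4)])            # indices claim 5 rows, data has 2
BAD_SUFFIX = ([(2,), (3,)], [(2, 4), (3, 5)])
BAD_LENGTH = ([(2,), (3,)], [(2, 4)])

if __name__ == "__main__":
    for name, (idx, dat) in [("good", GOOD), ("scalar", SCALAR_INDEX),
                             ("prefix", BAD_PREFIX), ("suffix", BAD_SUFFIX),
                             ("length", BAD_LENGTH)]:
        print(name, "->", check_dynamic_stitch_shapes(idx, dat) or "ok")
```

Run the check on the shapes of deserialized inputs before invoking the op; it is a stopgap beside the upgrade, not a replacement for it.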

Affected Versions

All versions before 2.11.1

Solution

Upgrade to version 2.11.1 or above.

Last Modified

2023-03-27
