CVE-2023-25801

Double Free in pypi/tensorflow

Identifiers

CVE-2023-25801, GHSA-f49c-87jh-g47q

Package Slug

pypi/tensorflow

Vulnerability

Double Free

Description

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Affected Versions

All versions before 2.12.0

Solution

Upgrade to version 2.12.0 or above.

Last Modified

2023-03-27

source