CVE-2023-25659

Out-of-bounds Read in pypi/tensorflow-cpu

Identifiers

GHSA-93vr-9q9m-pj8p, CVE-2023-25659

Package Slug

pypi/tensorflow-cpu

Vulnerability

Out-of-bounds Read

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger a stack out-of-bounds (OOB) read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Affected Versions

All versions before 2.11.1

Solution

Upgrade to version 2.11.1 or above.

Last Modified

2023-03-27
