GHSA-93vr-9q9m-pj8p, CVE-2023-25659
pypi/tensorflow-cpu
Out-of-bounds Read
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter indices
for DynamicStitch
does not match the shape of the parameter data
, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
All versions before 2.11.1
Upgrade to version 2.11.1 or above.
2023-03-27
source |