CVE-2023-25660: NULL Pointer Dereference

March 25, 2023 (updated November 9, 2023)

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.

References

github.com/advisories/GHSA-qjqc-vqcf-5qvj
github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1
github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj

Detect and mitigate CVE-2023-25660 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →