CVE-2023-25662: Integer Overflow or Wraparound

March 25, 2023 (updated November 9, 2023)

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 is vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

References

github.com/advisories/GHSA-7jvm-xxmr-v5cw
github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c
github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw

Detect and mitigate CVE-2023-25662 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →