CVE-2023-25665: NULL Pointer Dereference

March 25, 2023 (updated March 31, 2023)

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when SparseSparseMaximum is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.

References

github.com/advisories/GHSA-558h-mq8x-7q9g
github.com/tensorflow/tensorflow/commit/5e0ecfb42f5f65629fd7a4edd6c4afe7ff0feb04
github.com/tensorflow/tensorflow/security/advisories/GHSA-558h-mq8x-7q9g

Detect and mitigate CVE-2023-25665 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →