CRITICAL🇵🇱 Wersja polska

CVE-2023-25668

CVSS 9.8v3.1pub. 2023-03-25upd. 2024-11-21

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Google Tensorflow

    APP
    Google
    < 2.12.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2021-37678CRITICAL9.3ten sam produkt

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Ker...

CVE-2021-35958CRITICAL9.1ten sam produkt

TensorFlow through 2.5.0 allows attackers to overwrite arbitrary files via a crafted archive when tf.keras.uti...

CVE-2020-15202CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the...

CVE-2020-15205CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops...

CVE-2020-15206CRITICAL9.0ten sam produkt

In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` pr...