CVE-2023-25668

Exploit

EPSS 1.51%
Published 25.03.2023 00:15:07
Last modified 21.11.2024 07:49:54
Source security-advisories@github.com
Teams watchlist Login
Open Login

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Tensorflow Version < 2.12.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.51%	0.805

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aaae35eccb

Patch

Exploit

https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-25668

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-25668

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-25668

EUVD