Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25670— TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize

CVSS 7.5 · High EPSS 0.24% · P47
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25670

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
Source: NVD (National Vulnerability Database)
Vulnerability Description
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
空指针解引用
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google TensorFlow 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 TensorFlow 2.12.0 版本之前的 2.12 版本和 2.11.1 版本之前的 2.11 版本存在代码问题漏洞,该漏洞源于启用 MKL 的 QuantizedMatMulWithBiasAndDequantize 中存在零点错误。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
tensorflowtensorflow < 2.11.1 -

II. Public POCs for CVE-2023-25670

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-25670

登录查看更多情报信息。

Same Patch Batch · tensorflow · 2023-03-24 · 20 CVEs total

CVE-2023-256689.8 CRITICALTensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
CVE-2023-258018.0 HIGHTensorFlow has double free in Fractional(Max/Avg)Pool
CVE-2023-275797.5 HIGHTensorFlow has Floating Point Exception in TFLite in conv kernel
CVE-2023-256607.5 HIGHTensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
CVE-2023-256767.5 HIGHTensorFlow has null dereference on ParallelConcat with XLA
CVE-2023-256757.5 HIGHTensorFlow has Segfault in Bincount with XLA
CVE-2023-256747.5 HIGHTensorFlow has Null Pointer Error in RandomShuffle with XLA enable
CVE-2023-256737.5 HIGHTensorFlow has Floating Point Exception in TensorListSplit with XLA
CVE-2023-256727.5 HIGHTensorFlow has Null Pointer Error in LookupTableImportV2
CVE-2023-256717.5 HIGHTensorFlow has segmentation fault in tfg-translate
CVE-2023-256697.5 HIGHTensorFlow has Floating Point Exception in AvgPoolGrad with XLA
CVE-2023-256657.5 HIGHTensorFlow has Null Pointer Error in SparseSparseMaximum
CVE-2023-256667.5 HIGHTensorFlow has Floating Point Exception in AudioSpectrogram
CVE-2023-256647.5 HIGHTensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
CVE-2023-256637.5 HIGHTensorFlow has Null Pointer Error in TensorArrayConcatV2
CVE-2023-256627.5 HIGHTensorFlow vulnerable to integer overflow in EditDistance
CVE-2023-256587.5 HIGHTensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
CVE-2023-256597.5 HIGHTensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
CVE-2023-256676.5 MEDIUMTensorFlow vulnerable to segfault when opening multiframe gif

IV. Related Vulnerabilities

Same product: tensorflow
Same vendor: tensorflow
Same weakness: CWE-476

V. Comments for CVE-2023-25670

No comments yet

Leave a comment