Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-25673— TensorFlow has Floating Point Exception in TensorListSplit with XLA

CVSS 7.5 · High EPSS 0.28% · P51
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-25673

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
TensorFlow has Floating Point Exception in TensorListSplit with XLA
Source: NVD (National Vulnerability Database)
Vulnerability Description
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分的比较
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google TensorFlow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 2.12.0 版本之前的 2.12 版本和 2.11.1 版本之前的 2.11 版本存在安全漏洞,该漏洞源于带有 XLA 的 TensorListSplit 中的浮点异常。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
tensorflowtensorflow < 2.11.1 -

II. Public POCs for CVE-2023-25673

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2023-25673

登录查看更多情报信息。

Same Patch Batch · tensorflow · 2023-03-24 · 20 CVEs total

CVE-2023-256689.8 CRITICALTensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
CVE-2023-258018.0 HIGHTensorFlow has double free in Fractional(Max/Avg)Pool
CVE-2023-275797.5 HIGHTensorFlow has Floating Point Exception in TFLite in conv kernel
CVE-2023-256607.5 HIGHTensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
CVE-2023-256767.5 HIGHTensorFlow has null dereference on ParallelConcat with XLA
CVE-2023-256757.5 HIGHTensorFlow has Segfault in Bincount with XLA
CVE-2023-256747.5 HIGHTensorFlow has Null Pointer Error in RandomShuffle with XLA enable
CVE-2023-256727.5 HIGHTensorFlow has Null Pointer Error in LookupTableImportV2
CVE-2023-256717.5 HIGHTensorFlow has segmentation fault in tfg-translate
CVE-2023-256707.5 HIGHTensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
CVE-2023-256697.5 HIGHTensorFlow has Floating Point Exception in AvgPoolGrad with XLA
CVE-2023-256657.5 HIGHTensorFlow has Null Pointer Error in SparseSparseMaximum
CVE-2023-256667.5 HIGHTensorFlow has Floating Point Exception in AudioSpectrogram
CVE-2023-256647.5 HIGHTensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
CVE-2023-256637.5 HIGHTensorFlow has Null Pointer Error in TensorArrayConcatV2
CVE-2023-256627.5 HIGHTensorFlow vulnerable to integer overflow in EditDistance
CVE-2023-256587.5 HIGHTensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad
CVE-2023-256597.5 HIGHTensorFlow vulnerable to Out-of-Bounds Read in DynamicStitch
CVE-2023-256676.5 MEDIUMTensorFlow vulnerable to segfault when opening multiframe gif

IV. Related Vulnerabilities

Same product: tensorflow
Same vendor: tensorflow
Same weakness: CWE-697

V. Comments for CVE-2023-25673

No comments yet

Leave a comment