CVE-2023-25671 – tensorflow

Package

Manager: pip
Name: tensorflow
Vulnerable Version: >=0 <2.11.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00241 pctl0.4727

Details

TensorFlow has segmentation fault in tfg-translate ### Impact Out-of-bounds access due to mismatched integer type sizes in ValueMap::Manager::GetValueOrCreatePlaceholder. Bug with tfg-translate call to InitMlir. The problem happens with generic functions, as it is already handled for non-generic functions. This is because they, unlike non-generic functions, are using the "old importer". A better long-term solution may be to have the "new importer" handle generic functions. ### Patches We have patched the issue in GitHub - commit [760322a71ac9033e122ef1f4b1c62813021e5938](https://github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938). - commit [2eedc8f676d2c3b8be9492e547b2bc814c10b367](https://github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367) The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1 ### For more information Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions. ### Attribution This vulnerability has been reported by r3pwnx ### Affiliation 360 AIVul

Metadata

Created: 2023-03-24T21:55:07Z
Modified: 2023-03-31T16:06:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-j5w9-hmfh-4cr6/GHSA-j5w9-hmfh-4cr6.json
CWE IDs: ["CWE-787"]
Alternative ID: GHSA-j5w9-hmfh-4cr6
Finding: F111
Auto approve: 1