Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-25661
HistoryMar 27, 2023 - 8:15 p.m.

Stack overflow

2023-03-2720:15:00
PRIOn knowledge base
www.prio-n.com
58
tensorflow
machine learning
denial of service
vulnerability
convolution3dtranspose

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

30.4%

JSON

TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the Convolution3DTranspose function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a Convolution3DTranspose call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.

CPENameOperatorVersion
tensorflowlt2.11.1

Related

github 1
osv 3
nessus 1
cvelist 1
cve 1
cbl_mariner 1
ibm 8
nvd 1
oracle 1
github
github
TensorFlow Denial of Service vulnerability
2023-03-27 21:05:10
osv
osv
BIT-tensorflow-2023-25661
2024-03-06 11:09:28
CVE-2023-25661
2023-03-27 20:15:09
TensorFlow Denial of Service vulnerability
2023-03-27 21:05:10
nessus
nessus
CBL Mariner 2.0 Security Update: tensorflow (CVE-2023-25661)
2023-10-30 00:00:00
cvelist
cvelist
CVE-2023-25661 Denial of Service in TensorFlow
2023-03-27 19:52:07
cve
cve
CVE-2023-25661
2023-03-27 20:15:09
cbl_mariner
cbl_mariner
CVE-2023-25661 affecting package tensorflow for versions less than 2.11.1-1
2023-10-15 08:09:36
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to TensorFlow denial of service vulnerabilitiy [CVE-2023-25661]
2024-02-01 13:46:33
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25661)
2023-06-28 20:38:08
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in TensorFlow
2023-06-28 21:21:17
nvd
nvd
CVE-2023-25661
2023-03-27 20:15:09
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.4 Medium

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

30.4%

JSON
Related for PRION:CVE-2023-25661
github1osv3nessus1cvelist1cve1cbl_mariner1ibm8nvd1oracle1