Lucene search
Veracode Vulnerability DatabaseVERACODE:39991HistoryMar 30, 2023 - 8:21 a.m.
Denial Of Service (DoS)
2023-03-3008:21:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
denial of service
vulnerability
integer overflow
editdistance
hypothesis_shape
application crash
software
0.001 Low
EPSS
Percentile
37.9%
tensorflow is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to an integer overflow in the EditDistance function when the hypothesis_shape perimeter is empty causing the application to crash.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | le | 2.11.0 | |
| tensorflow-cpu | le | 2.11.0 | |
| tensorflow-gpu | le | 2.11.0 | |
| tensorflow | le | 2.11.0 | |
| tensorflow-cpu | le | 2.11.0 | |
| tensorflow-gpu | le | 2.11.0 |
References
github.com/advisories/GHSA-7jvm-xxmr-v5cw
github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c
github.com/tensorflow/tensorflow/commit/b70838833b2a29dbf4ef47f904042950b44acec5
github.com/tensorflow/tensorflow/pull/59553
github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw
Related
osv
osv
TensorFlow vulnerable to integer overflow in EditDistance
2023-03-24 21:58:31
BIT-tensorflow-2023-25662
2024-03-06 11:09:21
CVE-2023-25662
2023-03-25 00:15:07
prion
prion
Integer overflow
2023-03-25 00:15:00
nvd
nvd
CVE-2023-25662
2023-03-25 00:15:07
github
github
TensorFlow vulnerable to integer overflow in EditDistance
2023-03-24 21:58:31
cvelist
cvelist
CVE-2023-25662 TensorFlow vulnerable to integer overflow in EditDistance
2023-03-24 23:41:15
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25662)
2023-06-28 19:58:46
cbl_mariner
cbl_mariner
CVE-2023-25662 affecting package tensorflow for versions less than 2.11.1-1
2024-07-05 03:08:39
cve
cve
CVE-2023-25662
2023-03-25 00:15:07
nessus
nessus
TensorFlow < 2.12.0 Multiple Vulnerabilities
2024-05-31 00:00:00
TensorFlow < 2.11.1 Multiple Vulnerabilities
2024-05-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00