Lucene search
Veracode Vulnerability DatabaseVERACODE:40001HistoryMar 31, 2023 - 1:58 a.m.
Denial Of Service (DoS)
2023-03-3101:58:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
denial of service
tensorflow
vulnerability
validation checks
library
segmentation fault
null pointer dereference
parallelconcat
xla
application crash
shape parameter
0.001 Low
EPSS
Percentile
37.9%
TensorFlow is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the improper validation checks in the library, which leads to a segmentation fault with a null pointer dereference in ParallelConcat with XLA, allowing an attacker to cause an application crash when the given parameter shape with a rank that is not greater than zero.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tensorflow | le | 2.11.0 | |
| tensorflow-cpu | le | 2.11.0 | |
| tensorflow-gpu | le | 2.11.0 | |
| tensorflow | le | 2.11.0 | |
| tensorflow-cpu | le | 2.11.0 | |
| tensorflow-gpu | le | 2.11.0 |
Related
nvd
nvd
CVE-2023-25676
2023-03-25 00:15:08
osv
osv
TensorFlow has null dereference on ParallelConcat with XLA
2023-03-24 21:54:04
BIT-tensorflow-2023-25676
2024-03-06 11:07:13
CVE-2023-25676
2023-03-25 00:15:08
prion
prion
Stack overflow
2023-03-25 00:15:00
github
github
TensorFlow has null dereference on ParallelConcat with XLA
2023-03-24 21:54:04
cbl_mariner
cbl_mariner
CVE-2023-25676 affecting package tensorflow for versions less than 2.11.1-1
2024-07-05 03:08:39
cve
cve
CVE-2023-25676
2023-03-25 00:15:08
cvelist
cvelist
CVE-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA
2023-03-24 23:10:30
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in TensorFlow (CVE-2023-25676)
2023-06-28 20:04:43
nessus
nessus
TensorFlow < 2.12.0 Multiple Vulnerabilities
2024-05-31 00:00:00
TensorFlow < 2.11.1 Multiple Vulnerabilities
2024-05-20 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00