TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
References
| Link | Resource |
|---|---|
| https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c | Patch |
| https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw | Patch Vendor Advisory |
Configurations
History
07 Nov 2023, 04:09
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. |
30 Mar 2023, 19:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | (MISC) https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c - Patch | |
| References | (MISC) https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7jvm-xxmr-v5cw - Patch, Vendor Advisory | |
| CPE | cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:* | |
| First Time |
Google
Google tensorflow |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
25 Mar 2023, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-03-25 00:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-25662
Mitre link : CVE-2023-25662
CVE.ORG link : CVE-2023-25662
JSON object : View
Products Affected
- tensorflow
CWE
CWE-190
Integer Overflow or Wraparound