-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl: 44 vulnerabilities (highest severity is: 9.8) #19
Comments
Nice, one of tasks is done |
Nice to meet you, @mend-bolt-for-github[bot]. Thank you for creating an issue. There are some tasks for you:
To close issue send comment "close", to reopen - "reopen" |
Micro-Learning Topic: Buffer overflow (Detected by phrase)Matched on "buffer overflow"A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold or when a program attempts to put data in a memory area past a buffer. Try a challenge in Secure Code WarriorMicro-Learning Topic: Denial of service (Detected by phrase)Matched on "denial of service"The Denial of Service (DoS) attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed. There are many ways to make a service unavailable for legitimate users by manipulating network packets, programming, logical, or resources handling vulnerabilities, among others. Source: https://www.owasp.org/index.php/Denial_of_Service Try a challenge in Secure Code WarriorMicro-Learning Topic: Vulnerable library (Detected by phrase)Matched on "Vulnerable Library"Use of vulnerable components will introduce weaknesses into the application. Components with published vulnerabilities will allow easy exploitation as resources will often be available to automate the process. Try a challenge in Secure Code Warrior |
Micro-Learning Topic: Integer overflow (Detected by phrase)Matched on "integer overflow"Integer overflow occurs when the result of arithmetic operation is greater than the maximum value the integer data type can store. Try a challenge in Secure Code Warrior |
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2023-25668
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25668
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gw97-ff7c-9v96
Release Date: 2023-03-24
Fix Resolution: 2.11.1
Step up your Open Source Security Game with Mend here
WS-2022-0401
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
Another instance of CVE-2022-35991, where TensorListScatter and TensorListScatterV2 crash via non scalar inputs inelement_shape, was found in eager mode and fixed.
Publish Date: 2024-12-04
URL: WS-2022-0401
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-xf83-q765-xm6m
Release Date: 2024-12-04
Fix Resolution: 2.10.1
Step up your Open Source Security Game with Mend here
CVE-2023-33976
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an end-to-end open source platform for machine learning.
array_ops.upper_bound
causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.Publish Date: 2024-07-30
URL: CVE-2023-33976
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gjh7-xx4r-x345
Release Date: 2024-07-30
Fix Resolution: 2.12.1
Step up your Open Source Security Game with Mend here
CVE-2023-25676
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA,
tf.raw_ops.ParallelConcat
segfaults with a nullptr dereference when given a parametershape
with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25676
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-6wfh-89q8-44jq
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25675
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA,
tf.raw_ops.Bincount
segfaults when given a parameterweights
that is neither the same shape as parameterarr
nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25675
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-7x4v-9gxg-9hwj
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25674
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25674
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gf97-q72m-7579
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25673
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25673
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-647v-r7qq-24fh
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25672
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. The function
tf.raw_ops.LookupTableImportV2
cannot handle scalars in thevalues
parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25672
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-94mm-g2mv-8p7r
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25671
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25671
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-25671
Release Date: 2023-03-24
Fix Resolution: 2.11.1
Step up your Open Source Security Game with Mend here
CVE-2023-25670
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25670
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-49rq-hwc3-x77w
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25669
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for
tf.raw_ops.AvgPoolGrad
, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25669
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-rcf8-g8jv-vg6p
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25665
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when
SparseSparseMaximum
is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25665
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-25665
Release Date: 2023-03-24
Fix Resolution: 2.11.1
Step up your Open Source Security Game with Mend here
CVE-2023-25664
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25664
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-6hg6-5c2q-7rcr
Release Date: 2023-03-24
Fix Resolution: 2.11.1
Step up your Open Source Security Game with Mend here
CVE-2023-25663
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when
ctx->step_containter()
is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25663
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-64jg-wjww-7c5w
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25662
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25662
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-7jvm-xxmr-v5cw
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25660
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter
summarize
oftf.raw_ops.Print
is zero, the new methodSummarizeArray<bool>
will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25660
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-qjqc-vqcf-5qvj
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25659
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter
indices
forDynamicStitch
does not match the shape of the parameterdata
, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.Publish Date: 2023-03-24
URL: CVE-2023-25659
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-93vr-9q9m-pj8p
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
CVE-2023-25658
Vulnerable Library - tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
TensorFlow is an open source machine learning framework for everyone.
Library home page: https://files.pythonhosted.org/packages/3f/cd/9c217589c88448d67a4c755c4215cfae3e261e0af357ee81b9a5d7a96eda/tensorflow-2.10.0-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
Path to dependency file: /requirements.txt
Path to vulnerable library: /requirements.txt
Dependency Hierarchy:
Found in HEAD commit: 8007902a6bde49bdad6e8694dfa82feb12e3f45c
Found in base branch: main
Vulnerability Details
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Publish Date: 2023-03-24
URL: CVE-2023-25658
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-68v3-g9cm-rmm6
Release Date: 2023-03-24
Fix Resolution: tensorflow - 2.11.1,2.12.0, tensorflow-cpu - 2.11.1,2.12.0, tensorflow-gpu - 2.11.1,2.12.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: