GHSA-68v3-g9cm-rmm6

Опубликовано: 24 мар. 2023

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

TensorFlow vulnerable to Out-of-Bounds Read in GRUBlockCellGrad

Impact

Out of bounds read in GRUBlockCellGrad

func = tf.raw_ops.GRUBlockCellGrad para = {'x': [[21.1, 156.2], [83.3, 115.4]], 'h_prev': array([[136.5], [136.6]]), 'w_ru': array([[26.7, 0.8], [47.9, 26.1], [26.2, 26.3]]), 'w_c': array([[ 0.4], [31.5], [ 0.6]]), 'b_ru': array([0.1, 0.2 ], dtype=float32), 'b_c': 0x41414141, 'r': array([[0.3], [0.4]], dtype=float32), 'u': array([[5.7], [5.8]]), 'c': array([[52.9], [53.1]]), 'd_h': array([[172.2], [188.3 ]])}

Patches

We have patched the issue in GitHub commit ff459137c2716a2a60f7d441b855fcb466d778cb.

The fix will be included in TensorFlow 2.12.0. We will also cherrypick this commit on TensorFlow 2.11.1

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability has been reported by r3pwnx.

Ссылки

Пакеты

Наименование

tensorflow

pip

Затронутые версииВерсия исправления

< 2.11.1

2.11.1

Наименование

tensorflow-cpu

pip

Затронутые версииВерсия исправления

< 2.11.1

2.11.1

Наименование

tensorflow-gpu

pip

Затронутые версииВерсия исправления

< 2.11.1

2.11.1

EPSS

Процентиль: 15%

0.00047

Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-25658

Дефекты

CWE-125

Связанные уязвимости

CVE-2023-25658

CVSS3: 7.5

nvd

почти 3 года назад

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.

CVE-2023-25658

CVSS3: 7.5

msrc

больше 1 года назад

Описание отсутствует

CVE-2023-25658

CVSS3: 7.5

debian

почти 3 года назад

TensorFlow is an open source platform for machine learning. Prior to v ...

EPSS

Процентиль: 15%

0.00047

Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-25658

Дефекты

CWE-125