CVE-2023-25662

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25662

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25662.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25662

Aliases

Published

2023-03-24T23:41:15.425Z

Modified

2026-02-15T19:55:17.985714Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

TensorFlow vulnerable to integer overflow in EditDistance

Details

TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

Database specific

{
    "cwe_ids": [
        "CWE-190"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25662.json"
}

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08b8e18643d6dcde00890733b270ff8d9960c56c

Affected versions

0.*

0.12.0-rc0

0.12.0-rc1

0.12.1

0.5.0

0.6.0

v0.*

v0.10.0

v0.10.0rc0

v0.11.0

v0.11.0rc0

v0.11.0rc1

v0.11.0rc2

v0.12.0

v0.7.0

v0.7.1

v0.8.0rc0

v0.9.0

v0.9.0rc0

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-rc0

v1.0.0-rc1

v1.0.0-rc2

v1.1.0

v1.1.0-rc0

v1.1.0-rc1

v1.1.0-rc2

v1.12.0

v1.12.0-rc0

v1.12.0-rc1

v1.12.0-rc2

v1.12.1

v1.2.0

v1.2.0-rc0

v1.2.0-rc1

v1.2.0-rc2

v1.3.0-rc0

v1.3.0-rc1

v1.5.0

v1.5.0-rc0

v1.5.0-rc1

v1.6.0

v1.6.0-rc0

v1.6.0-rc1

v1.7.0

v1.7.0-rc0

v1.7.0-rc1

v1.8.0

v1.8.0-rc0

v1.8.0-rc1

v1.9.0

v1.9.0-rc0

v1.9.0-rc1

v1.9.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25662.json"

vanir_signatures

[
    {
        "signature_type": "Line",
        "signature_version": "v1",
        "source": "https://github.com/tensorflow/tensorflow/commit/08b8e18643d6dcde00890733b270ff8d9960c56c",
        "digest": {
            "line_hashes": [
                "89856206868202732161709884461666711936",
                "1386698457117347128804823523361981412",
                "232420233499917798760414514358484823988",
                "251261412669207028843081198076699368129",
                "338164826129282020743408497284672070671",
                "235767249477584861523491432455952221948",
                "126640333703409518321872939242570565105",
                "8015104587666780990710732724712299969",
                "253540125201562330406375028974006045328",
                "125657982249858174038801533354790576738",
                "220115892265396138595617384793988509028",
                "287076153538377537734465690230437665506",
                "56341048603723628627515828157515951299"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-25662-cb657037",
        "deprecated": false,
        "target": {
            "file": "tensorflow/core/ops/array_ops.cc"
        }
    }
]