CVE-2023-25668

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-25668

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25668.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-25668

Aliases

Downstream

AZL-31200

AZL-35313

Published

2023-03-24T23:33:50.296Z

Modified

2026-04-10T04:56:04.960219Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation

Details

TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/25xxx/CVE-2023-25668.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-122",
        "CWE-125"
    ]
}

References

Affected packages

Git / github.com/tensorflow/tensorflow

Affected ranges

Type: GIT
Repo: https://github.com/tensorflow/tensorflow
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a3e2c692c18649329c4210cf8df2487d2028e267

Affected versions

0.*

0.5.0

0.6.0

v1.*

v1.1.0-rc1

v1.1.0-rc2

v1.12.1

v1.6.0-rc1

v1.9.0-rc2

v2.*

v2.11.0

v2.11.0-rc0

v2.11.0-rc1

v2.11.0-rc2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-25668.json"