CVE-2023-25669: Incorrect Comparison

March 24, 2023

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for tf.raw_ops.AvgPoolGrad, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

References

github.com/advisories/GHSA-rcf8-g8jv-vg6p
github.com/tensorflow/tensorflow/commit/1295ae4dbb52fe06b19733b0257e2340d7b63b8d
github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p

Code Behaviors & Features

Detect and mitigate CVE-2023-25669 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →