CVE-2023-25671: Out-of-bounds Write

March 25, 2023 (updated November 9, 2023)

TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.

References

github.com/advisories/GHSA-j5w9-hmfh-4cr6
github.com/tensorflow/tensorflow/commit/2eedc8f676d2c3b8be9492e547b2bc814c10b367
github.com/tensorflow/tensorflow/commit/760322a71ac9033e122ef1f4b1c62813021e5938
github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6

Code Behaviors & Features

Detect and mitigate CVE-2023-25671 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →