AI Threat Alert
CVE-2023-25672
HIGH
Published March 25, 2023
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
Do you use tensorflow? You're affected.
Severity & Risk
CVSS 3.1
7.5 / 10
EPSS
N/A
KEV Status
Not in KEV
Sophistication
N/A
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending. Sign in for full compliance mapping when available.
Technical Details
NVD Description
TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H References
- github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69 Patch
- github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r Patch Vendor
- github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69 Patch
- github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r Patch Vendor
Timeline
Published
March 25, 2023
Last Modified
November 21, 2024
First Seen
March 25, 2023