CVE-2023-33976
HIGH
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will...
Full analysis pending. Showing NVD description excerpt.
Affected Systems
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| tensorflow | pip | — | No patch |
Do you use tensorflow? You're affected.
Severity & Risk
Recommended Action
No patch available
Monitor for updates. Consider compensating controls or temporary mitigations.
Compliance Impact
Compliance analysis pending.
Technical Details
NVD Description
TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
Weaknesses (CWE)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References
- github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fec Patch
- github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586 Patch
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345 3rd Party