TensorFlow vulnerable to heap out-of-buffer read in the QuantizeAndDequantize operation
CVE-2023-25668
9.8 CRITICAL
What is CVE-2023-25668?
TensorFlow, a widely used open-source machine learning platform, has a vulnerability in versions prior to 2.12.0 and 2.11.1 that allows attackers to access heap memory outside of user control. Exploitation can lead to an application crash or remote code execution. The fix is included in TensorFlow 2.12.0 and will also be applied to version 2.11.1.
Affected Version(s)
tensorflow < 2.11.1