TensorFlow has Segfault in Bincount with XLA
CVE-2023-25675
7.5HIGH
What is CVE-2023-25675?
A vulnerability exists in TensorFlow's implementation of XLA when executing the tf.raw_ops.Bincount
operation. Versions prior to 2.12.0 and 2.11.1 may experience a segmentation fault if the weights
parameter does not match the shape of the arr
parameter or if it is a length-0 tensor. This issue can lead to unexpected behavior and application crashes, emphasizing the importance of updating to the latest versions for enhanced stability and security.
Affected Version(s)
tensorflow < 2.11.1