Segmentation Fault in TensorFlow 2.12 and 2.13
CVE-2023-33976

7.5HIGH

Key Information:

Vendor: Tensorflow
Status: Tensorflow
Vendor: CVE Published:; 30 July 2024

What is CVE-2023-33976?

A fault in TensorFlow's array_ops.upper_bound function may lead to a segmentation fault when the input provided is not a rank 2 tensor. Affected versions include TensorFlow 2.12 and earlier, with remediation measures introduced in TensorFlow 2.13. Users are advised to upgrade to the latest version to prevent potential crashes in applications leveraging TensorFlow for machine learning tasks.

Affected Version(s)

tensorflow < 2.13.0

References

https://github.com/tensorflow/tensorflow/security/advisor...

x_refsource_CONFIRM

https://github.com/tensorflow/tensorflow/commit/6fa05df43...

x_refsource_MISC

https://github.com/tensorflow/tensorflow/commit/915884fdf...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 30, 2024
Vulnerability Reserved
May 24, 2023

Tensorflow

What is CVE-2023-33976?

Affected Version(s)

References

CVSS V3.1

Timeline