SB2023032046 - Multiple vulnerabilities in TensorFlow
Published: March 20, 2023 Updated: May 2, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2023-25667)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when opening multiframe gif images. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.2) Out-of-bounds read (CVE-ID: CVE-2023-25658)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in GRUBlockCellGrad. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
3) Out-of-bounds read (CVE-ID: CVE-2023-25659)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in DynamicStitch. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system.
4) Buffer overflow (CVE-ID: CVE-2023-25660)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tf.raw_ops.Print. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.5) Integer overflow (CVE-ID: CVE-2023-25662)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in EditDistance. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
6) Uncaught Exception (CVE-ID: CVE-2023-25663)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exceptionin TensorArrayConcatV2. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.7) Heap-based buffer overflow (CVE-ID: CVE-2023-25664)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in AvgPoolGrad. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
8) Uncaught Exception (CVE-ID: CVE-2023-25666)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AudioSpectrogram. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.9) Uncaught Exception (CVE-ID: CVE-2023-25665)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in SparseSparseMaximum. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.10) Out-of-bounds read (CVE-ID: CVE-2023-25668)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the QuantizeAndDequantize operation. A remote attacker can trigger a heap out-of-bounds read error and read contents of memory on the system.
11) Uncaught Exception (CVE-ID: CVE-2023-27579)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in TFLite in the iconv kernel. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.
12) Uncaught Exception (CVE-ID: CVE-2023-25669)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in AvgPoolGrad with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.13) Uncaught Exception (CVE-ID: CVE-2023-25670)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in QuantizedMatMulWithBiasAndDequantize. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.14) Buffer overflow (CVE-ID: CVE-2023-25671)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in tfg-translate. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.15) Uncaught Exception (CVE-ID: CVE-2023-25673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a floating point exception in TensorListSplit with XLA. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.16) Uncaught Exception (CVE-ID: CVE-2023-25674)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception in RandomShuffle with XLA enabled. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.17) Buffer overflow (CVE-ID: CVE-2023-25675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Bincount with XLA. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2023-25676)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference on ParallelConcat with XLA. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
19) Double Free (CVE-ID: CVE-2023-25801)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Fractional(Max/Avg)Pool. A remote attacker can pass specially crafted input to the application, trigger a double free error and perform a denial of service (DoS) attack.
20) Uncaught Exception (CVE-ID: CVE-2023-25672)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer exception within the tf.raw_ops.LookupTableImportV2() function. A remote attacker can pass specially crafted input to the application, trigger an unhanded exception and perform a denial of service (DoS) attack.21) Input validation error (CVE-ID: CVE-2023-25661)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation by the Convolution3DTranspose function. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack on ML cloud services.
Remediation
Install update from vendor's website.
References
- https://github.com/tensorflow/tensorflow/releases/tag/v2.11.1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fqm2-gh8w-gr68
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rcf8-g8jv-vg6p
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-49rq-hwc3-x77w
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-j5w9-hmfh-4cr6
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-647v-r7qq-24fh
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf97-q72m-7579
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7x4v-9gxg-9hwj
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6wfh-89q8-44jq
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q
- https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq
- https://github.com/tensorflow/tensorflow/commit/948fe6369a5711d4b4568ea9bbf6015c6dfb77e2