Vulnerability Description
TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of the user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0, and the commit will also be cherry-picked into TensorFlow version 2.11.1.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Google | Tensorflow | < 2.12.0 |
Related Weaknesses (CWE)
References
- https://github.com/tensorflow/tensorflow/commit/7b174a0f2e40ff3f3aa957aecddfd5aa (Exploit, Patch)
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gw97-ff7c-9v96 (Patch)
FAQ
What is CVE-2023-25668?
CVE-2023-25668 is a vulnerability with a CVSS score of 9.8 (CRITICAL). TensorFlow is an open source platform for machine learning. Attackers using TensorFlow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of the user, leading to a crash or remot...
How severe is CVE-2023-25668?
CVE-2023-25668 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-25668?
Check the references section above for vendor advisories and patch information. Affected products include: Google Tensorflow.