CVE-2023-25801

TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 require the first and fourth elements of their parameter pooling_ratio to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Published: Mar 25, 2023
Updated: May 9, 2024
CVE: CVE-2023-25801
GHSA: GHSA-f49c-87jh-g47q
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-415

Affected Software
References

Software	From	Fixed in
google / tensorflow	-	2.12.0
tensorflow	-	2.11.1
tensorflow-cpu	-	2.11.1
tensorflow-gpu	-	2.11.1

https://github.com/tensorflow/tensorflow/commit/ee50d1e00f81f62a4517453f721c634bbb478307
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f49c-87jh-g47q

Vulnerability Database

289,697

CVE-2023-25801