High severity · NVD Advisory · Published Mar 24, 2023 · Updated Feb 19, 2025
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
CVE-2023-25660
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the `summarize` parameter of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` references a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.11.1 | 2.11.1 |
| tensorflow-cpu (PyPI) | < 2.11.1 | 2.11.1 |
| tensorflow-gpu (PyPI) | < 2.11.1 | 2.11.1 |
Affected products
- Range: < 2.1.1
Patches
6d423b8bcc9a: Quick fix for a vuln in printing empty tensors.
1 file changed · +3 −0
tensorflow/core/framework/tensor.cc+3 −0 modified@@ -1297,6 +1297,9 @@ template <> string SummarizeArray<bool>(int64_t limit, int64_t num_elts, const TensorShape& tensor_shape, const char* data, const bool print_v2) { + if (data == nullptr) { + return strings::StrCat(""); // we already print type and shape + } // We first convert all chars to be 0/1 to not get InvalidEnumValue sanitizer // error auto mutable_data = std::unique_ptr<char[]>(new char[num_elts]);
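Review bot: the `data == nullptr` guard at the top of `SummarizeArray<bool>` arrives without a regression test. The commit changes only tensorflow/core/framework/tensor.cc (+3 −0), so a test that prints an empty bool tensor should accompany it to keep the null path covered. The guard also checks only `data`: the line right after it still runs `new char[num_elts]` on an unchecked `int64_t`, so it is worth confirming that callers can never pass a negative `num_elts` alongside non-null data. As a style point, `return strings::StrCat("");` can simply be `return "";`.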
References
- github.com/advisories/GHSA-qjqc-vqcf-5qvj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-25660 (ghsa, ADVISORY)
- github.com/tensorflow/tensorflow/commit/6d423b8bcc9aa9f5554dc988c1c16d038b508df1 (ghsa, x_refsource_MISC, WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-qjqc-vqcf-5qvj (ghsa, x_refsource_CONFIRM, WEB)