High severityNVD Advisory· Published Mar 24, 2023· Updated Feb 19, 2025

TensorFlow has Null Pointer Error in TensorArrayConcatV2

CVE-2023-25663

Description

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when ctx->step_containter() is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tensorflowPyPI	< 2.11.1	2.11.1
tensorflow-cpuPyPI	< 2.11.1	2.11.1
tensorflow-gpuPyPI	< 2.11.1	2.11.1

Affected products

Tensorflow/Tensorflowv5
Range: < 2.11.1

Patches

239139d2ae6a

Fixing null pointer read in TensorArrayConcat when the step container is missing.

https://github.com/tensorflow/tensorflowJeremy MeredithJan 24, 2023via ghsa

commit

2 files changed · +19 −2

tensorflow/core/kernels/tensor_array_ops.cc+3 −2 modified

@@ -80,8 +80,9 @@ Status GetTensorArray(OpKernelContext* ctx, TensorArray** tensor_array) {
     TF_RETURN_IF_ERROR(GetHandle(ctx, &container, &ta_handle));
     ResourceMgr* rm = ctx->resource_manager();
     if (rm == nullptr) return errors::Internal("No resource manager.");
-    TF_RETURN_IF_ERROR(
-        ctx->step_container()->Lookup(rm, container + ta_handle, tensor_array));
+    ScopedStepContainer* sc = ctx->step_container();
+    if (sc == nullptr) return errors::Internal("No step container.");
+    TF_RETURN_IF_ERROR(sc->Lookup(rm, container + ta_handle, tensor_array));
     return OkStatus();
   } else {
     return LookupResource(ctx, HandleFromInput(ctx, 0), tensor_array);

tensorflow/python/kernel_tests/data_structures/tensor_array_ops_test.py+16 −0 modified

@@ -1846,6 +1846,22 @@ def testStackShapeOnStaticSize(self):
     ta = ta.write(0, [0])
     self.assertEqual([42, 1], ta.stack().shape.as_list())
 
+  def testTensorArrayConcatFailsWhenMissingStepContainer(self):
+    @def_function.function
+    def func():
+      y = data_flow_ops.TensorArrayConcatV2(
+          handle=["a", "b"],
+          flow_in=0.1,
+          dtype=dtypes.int32,
+          element_shape_except0=1,
+      )
+      return y
+
+    with self.assertRaisesRegex(
+        errors.NotFoundError, "Container .* does not exist"
+    ):
+      self.evaluate(func())
+
 
 class TensorArrayBenchmark(test.Benchmark):

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-64jg-wjww-7c5wghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-25663ghsaADVISORY
github.com/tensorflow/tensorflow/commit/239139d2ae6a81ae9ba499ad78b56d9b2931538aghsax_refsource_MISCWEB
github.com/tensorflow/tensorflow/security/advisories/GHSA-64jg-wjww-7c5wghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000