High severity · NVD Advisory · Published Mar 24, 2023 · Updated Feb 19, 2025
TensorFlow vulnerable to Heap Buffer Overflow in AvgPoolGrad
CVE-2023-25664
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in AvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| tensorflow | PyPI | < 2.11.1 | 2.11.1 |
| tensorflow-cpu | PyPI | < 2.11.1 | 2.11.1 |
Affected products
- Range: < 2.11.1
Patches
ddaac2bdd099 · Add inputs check for AvgPoolGrad
2 files changed · +28 −0
tensorflow/core/kernels/avgpooling_op.cc+13 −0 modified@@ -342,6 +342,19 @@ class AvgPoolingGradOp : public OpKernel { const T* out_backprop_ptr = out_backprop.flat<T>().data(); T* input_backprop_ptr = output->flat<T>().data(); + for (int64_t r = 0; r < out_backprop_rows; ++r) { + int rindex, rsize; + OP_REQUIRES_OK(context, + GetBroadcastSize(r, in_rows, window_rows, row_stride, + pad_rows, &rindex, &rsize)); + for (int64_t c = 0; c < out_backprop_cols; ++c) { + int cindex, csize; + OP_REQUIRES_OK(context, + GetBroadcastSize(c, in_cols, window_cols, col_stride, + pad_cols, &cindex, &csize)); + } + } + auto shard = [context, out_backprop_ptr, input_backprop_ptr, out_backprop_rows, out_backprop_cols, out_backprop_depth, in_rows, in_cols, window_rows, window_cols, row_stride,
tensorflow/python/kernel_tests/nn_ops/pooling_ops_test.py+15 −0 modified@@ -2510,6 +2510,21 @@ def testAvgPoolGradInvalidInputShapeRaiseError(self): data_format="NHWC") self.evaluate(t) + def testAvgPoolGradInvalidStrideRaiseErrorProperly(self): + with self.assertRaises(errors_impl.InvalidArgumentError): + with self.cached_session(): + orig_input_shape = [11, 9, 78, 9] + grad = constant_op.constant( + 0.1, shape=[16, 16, 16, 16], dtype=dtypes.float64) + t = gen_nn_ops.AvgPoolGrad( + orig_input_shape=orig_input_shape, + grad=grad, + ksize=[1, 40, 128, 1], + strides=[1, 128, 128, 30], + padding="SAME", + data_format="NHWC") + self.evaluate(t) + def GetMaxPoolFwdTest(input_size, filter_size, strides, padding):
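Review bot: In the avgpooling_op.cc hunk, the inner `for (int64_t c = 0; c < out_backprop_cols; ++c)` loop does not depend on `r`, so the column-side GetBroadcastSize check is repeated `out_backprop_rows` times for no gain; hoisting it into its own loop after the row loop makes the validation O(rows + cols) instead of O(rows * cols) with identical error behaviour. The computed `rindex`, `rsize`, `cindex` and `csize` are also discarded, which reads like dead code to a future maintainer; a one-line comment stating that the loops exist only to surface GetBroadcastSize errors through `OP_REQUIRES_OK` before the shard lambda below starts would document the intent.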
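Review bot: In the pooling_ops_test.py hunk, `testAvgPoolGradInvalidStrideRaiseErrorProperly` only asserts that an `InvalidArgumentError` is raised, not which check raised it; with `orig_input_shape=[11, 9, 78, 9]` against a `grad` of shape `[16, 16, 16, 16]` (batch 11 vs 16, depth 9 vs 16) and a depth stride of 30, any earlier shape or attribute validation could fire first and the test would still pass without ever reaching the new GetBroadcastSize loop. Consider asserting on the error message with `assertRaisesRegex`, or choosing `orig_input_shape` and `grad` that agree on batch and depth so that the window/stride check is the only one that can fail.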
References
- github.com/advisories/GHSA-6hg6-5c2q-7rcr (GitHub Security Advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-25664 (NVD entry)
- github.com/tensorflow/tensorflow/commit/ddaac2bdd099bec5d7923dea45276a7558217e5b (fix commit)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-6hg6-5c2q-7rcr (vendor advisory)