High severityNVD Advisory· Published Jul 30, 2024· Updated Aug 2, 2024
TensorFlow segfault in array_ops.upper_bound
CVE-2023-33976
Description
TensorFlow is an end-to-end open source platform for machine learning. array_ops.upper_bound causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will also cherrypick this commit on TensorFlow 2.12.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.12.1 | 2.12.1 |
tensorflow-cpuPyPI | < 2.12.1 | 2.12.1 |
tensorflow-gpuPyPI | < 2.12.1 | 2.12.1 |
Affected products
5- osv-coords4 versions
< 2.12.1+ 3 more
- (no CPE)range: < 2.12.1
- (no CPE)range: < 2.12.1
- (no CPE)range: < 2.12.1
- (no CPE)range: < 2.12.1
- Range: < 2.13.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-gjh7-xx4r-x345ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-33976ghsaADVISORY
- github.com/tensorflow/tensorflow/commit/6fa05df43b00038b048f4f0e51ef522da6532fecghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/915884fdf5df34aaedd00fc6ace33a2cfdefa586ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-gjh7-xx4r-x345ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.