Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4
TensorFlow has Null Pointer Error in LookupTableImportV2
Impact
The function tf.raw_ops.LookupTableImportV2 cannot handle scalars in the values parameter and gives an NPE.
import tensorflow as tf
v = tf.Variable(1)
@tf.function(jit_compile=True)
def test():
func = tf.raw_ops.LookupTableImportV2
para={'table_handle': v.handle,'keys': [62.98910140991211, 94.36528015136719], 'values': -919}
y = func(**para)
return y
print(test())
Patches
We have patched the issue in GitHub commit 980b22536abcbbe1b4a5642fc940af33d8c19b69.
The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported by r3pwnx of 360 AIVul Team
Permalink: https://github.com/advisories/GHSA-94mm-g2mv-8p7rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NG1tLWcybXYtOHA3cs4AAyT4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 7.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-94mm-g2mv-8p7r, CVE-2023-25672
References:
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-94mm-g2mv-8p7r
- https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69
- https://nvd.nist.gov/vuln/detail/CVE-2023-25672
- https://github.com/advisories/GHSA-94mm-g2mv-8p7r
Affected Packages
pypi:tensorflow-gpu
Versions: < 2.11.1Fixed in: 2.11.1
pypi:tensorflow-cpu
Versions: < 2.11.1Fixed in: 2.11.1
pypi:tensorflow
Versions: < 2.11.1Fixed in: 2.11.1