Heap-based Buffer Overflow
CVE-2023-25668
Summary
TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
References
Advisory Timeline
- Published