Skip to main content

NULL Pointer Dereference

CVE-2023-25676

Severity High
Score 7.5/10

Summary

TensorFlow is an open-source machine learning platform. In tensorflow versions prior to 2.11.1, when running with XLA, "tf.raw_ops.ParallelConcat" segfaults with a NULL Pointer Dereference when given a parameter "shape" with "rank" that is not greater than zero.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published