Double Free

CVE-2023-25801

High

7.8/10

Summary

TensorFlow is an open-source machine learning platform. In tensorflow versions prior to 2.11.1, "nn_ops.fractional_avg_pool_v2" and "nn_ops.fractional_max_pool_v2" require the first and fourth elements of their parameter "pooling_ratio" to be equal to 1.0, as pooling on batch and channel dimensions is not supported.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-415 - Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References

Advisory
Release Note

Advisory Timeline

Published Mar 25, 2023

Double Free

CVE-2023-25801

Summary

CWE-415 - Double Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS