Incorrect Comparison

CVE-2023-27579

High

7.5/10

Summary

TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a parameter "filter_input_channel" of less than 1 gives a FPE. This issue affects versions prior to 2.11.1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-697 - Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

References

Advisory
Pull request

Advisory Timeline

Published Mar 24, 2023

Incorrect Comparison

CVE-2023-27579

Summary

CWE-697 - Incorrect Comparison

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS