Home » Database

AVID-2026-R1194

Description

TensorFlow vulnerable to seg fault in tf.raw_ops.Print (CVE-2023-25660)

Details

TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter summarize of tf.raw_ops.Print is zero, the new method SummarizeArray<bool> will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.

Reason for inclusion in AVID: CVE-2023-25660 describes a NULL pointer dereference in TensorFlow’s tf.raw_ops.Print causing a segfault in versions prior to 2.12.0 and 2.11.1. This is a security vulnerability in a core ML software component used to build/deploy AI systems, with published fixes. It affects the software supply chain for general-purpose AI systems (TensorFlow and related tooling), not hardware/firmware. The report includes CVE, affected versions, impact (availability), and remediation, providing sufficient signal for classification.

References

Affected or Relevant Artifacts

  • Developer: tensorflow
  • Deployer: tensorflow
  • Artifact Details:
TypeName
Systemtensorflow

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.1
Vector StringCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score7.5
Base Severity🔴 High
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges RequiredNONE
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability Impact🔴 High

CWE

IDDescription
CWE-476CWE-476: NULL Pointer Dereference

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2023-03-24
  • Version: 0.3.3
  • AVID Entry