TensorFlow DOS via Convolution3DTranspose (Fix 2.11.1)
CVE-2023-25661 Published on March 27, 2023

Denial of Service in TensorFlow
TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.

Github Repository NVD

Vulnerability Analysis

CVE-2023-25661 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2023-25661. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2023-25661

Want to know whenever a new CVE is published for Google Tensorflow? stack.watch will email you.

Google Tensorflow
 

Affected Versions

tensorflow Version < 2.11.1 is affected by CVE-2023-25661

Vulnerable Packages

The following package name and versions may be associated with CVE-2023-25661

Package Manager Vulnerable Package Versions Fixed In
pip tensorflow < 2.11.1 2.11.1
pip tensorflow-cpu < 2.11.1 2.11.1

Exploit Probability

EPSS
0.14%
Percentile
33.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.