{"data":{"id":"770cc688-cf36-49d3-b38f-5cc64cb58323","title":"CVE-2023-25672: TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle ","summary":"TensorFlow, an open source platform for machine learning, has a bug in the `tf.raw_ops.LookupTableImportV2` function where it cannot properly handle scalar values (single values, not arrays) in the `values` parameter, causing an NPE (null pointer exception, when the program tries to use a value that doesn't exist). This is a type of vulnerability called NULL Pointer Dereference (CWE-476).","solution":"A fix is included in TensorFlow version 2.12.0 and version 2.11.1. Users can also reference the patch at https://github.com/tensorflow/tensorflow/commit/980b22536abcbbe1b4a5642fc940af33d8c19b69.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-25672","publishedAt":"2023-03-25T04:15:07.817Z","cveId":"CVE-2023-25672","cweIds":["CWE-476"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00091,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}