{"data":{"id":"9b7a19b3-924a-4bb7-aaf8-d421457dbe9e","title":"CVE-2023-33976: TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when no","summary":"A bug in TensorFlow (an open source platform for building machine learning models) causes a segfault (a crash where the program tries to access memory it shouldn't) when the `array_ops.upper_bound` function receives input that is not a rank 2 tensor (a two-dimensional array of numbers).","solution":"The fix is included in TensorFlow 2.13 and has also been applied to TensorFlow 2.12 through a cherrypick commit (applying a specific code change to an older version).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-33976","publishedAt":"2024-07-31T00:15:03.023Z","cveId":"CVE-2023-33976","cweIds":["CWE-190","CWE-190"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00031,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}