{"data":{"id":"af585da3-bf72-45b7-8651-83c97fdc1b5f","title":"CVE-2023-25661: TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a","summary":"TensorFlow (an open-source machine learning framework) versions before 2.11.1 have a bug where a malicious invalid input can crash a model and trigger a denial of service attack (making a service unavailable by overwhelming it). The vulnerability exists in the Convolution3DTranspose function, which is commonly used in modern neural networks, and could be exploited if an attacker can send input to this function.","solution":"Upgrade to TensorFlow version 2.11.1 or later. The source states there are no known workarounds for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-25661","publishedAt":"2023-03-28T00:15:09.417Z","cveId":"CVE-2023-25661","cweIds":["CWE-20"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00141,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}