Login Sign Up

CVE-2023-25661

6.5 MEDIUM
Denial of Service

📋 TL;DR

This vulnerability in TensorFlow allows an attacker with input privileges to provide malicious data to the Convolution3DTranspose function, causing a crash and denial of service. It affects TensorFlow versions before 2.11.1 when models use this common neural network layer. Organizations using vulnerable TensorFlow versions in ML applications or cloud services are at risk.

💻 Affected Systems

Products:
  • TensorFlow
Versions: All versions prior to 2.11.1
Operating Systems: All platforms running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using Convolution3DTranspose layers in TensorFlow models.

📦 What is this software?

Tensorflow by Google

View all CVEs affecting Tensorflow →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete denial of service for ML cloud services or applications using vulnerable TensorFlow models, disrupting business operations.

🟠

Likely Case

Application crashes requiring restart when malicious input reaches Convolution3DTranspose layers in deployed models.

🟢

If Mitigated

Limited impact with input validation and proper access controls, though crash still possible with valid malicious input.

🌐 Internet-Facing: MEDIUM - Requires attacker to have input access to vulnerable function, but common in ML APIs and cloud services.
🏢 Internal Only: MEDIUM - Internal ML applications could be crashed by malicious insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Proof of concept exists in advisory, requires input access to Convolution3DTranspose function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.11.1

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fxgc-95xx-grvq

Restart Required: Yes

Instructions:

1. Upgrade TensorFlow to version 2.11.1 or later using pip: 'pip install --upgrade tensorflow==2.11.1' 2. Restart all services using TensorFlow 3. Rebuild and redeploy any affected ML models

🔧 Temporary Workarounds

No known workarounds

all

The advisory states there are no known workarounds for this vulnerability

🧯 If You Can't Patch

  • Implement strict input validation and sanitization for all inputs to TensorFlow models
  • Restrict access to ML inference endpoints to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check TensorFlow version: 'python -c "import tensorflow as tf; print(tf.__version__)"' - if version < 2.11.1 and using Convolution3DTranspose, vulnerable.

Check Version:

python -c "import tensorflow as tf; print(tf.__version__)"

Verify Fix Applied:

Verify TensorFlow version is 2.11.1 or higher and test Convolution3DTranspose with previously crashing inputs.

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow crash logs with 'Check Failed' errors
  • Application crashes when processing Convolution3DTranspose operations

Network Indicators:

  • Unusual patterns of requests to ML inference endpoints followed by service crashes

SIEM Query:

source="tensorflow" AND ("Check Failed" OR "Convolution3DTranspose" AND error)

📊 Metadata

CVE ID: CVE-2023-25661
CVSS v3 Score: 6.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-20
Published: March 27, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-25661, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)
CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)
CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)