7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27579

GHSA ID

GHSA-5w96-866f-6rm8

EPSS Score

0.34082%

CWE

CWE-697

Published

3/24/2023

Updated

3/30/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-27579

CVE-2023-27579: TensorFlow has Floating Point Exception in TFLite in conv kernel

Impact

Constructing a tflite model with a paramater filter_input_channel of less than 1 gives a FPE.

Patches

We have patched the issue in GitHub commit 34f8368c535253f5c9cb3a303297743b62442aaa.

The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.

For more information

Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.

Attribution

This vulnerability was reported by Wang Xuan of Qihoo 360 AIVul Team.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-27579

CVE-2023-27579:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27579

GHSA ID

GHSA-5w96-866f-6rm8

EPSS Score

0.34082%

CWE

CWE-697

Published

3/24/2023

Updated

3/30/2023

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
tensorflow	pip	< 2.11.1	2.11.1
tensorflow-cpu	pip	< 2.11.1	2.11.1
tensorflow-gpu	pip

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from the missing validation of 'filter_input_channel' in the convolution kernel's Prepare function. The commit diff explicitly adds a 'TF_LITE_ENSURE(context, filter_input_channel > 0)' check to this function, confirming this was the vulnerable location. The FPE occurs during the groups calculation when filter_input_channel ≤ 0, which is directly addressed by this patch.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-27579: TensorFlow has Floating Point Exception in TFLite in conv kernel

Impact

Patches

For more information

Attribution

CVE-2023-27579:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Basic Information

Basic Information

CVE-2023-27579: TensorFlow has Floating Point Exception in TFLite in conv kernel

Impact

Patches

For more information

Attribution

7.5

7.5

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI