Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-s8hv-3hsb-mfca
Vulnerability ID VCID-s8hv-3hsb-mfca
Aliases CVE-2023-27579
GHSA-5w96-866f-6rm8
Summary Incorrect Comparison TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-697 Incorrect Comparison
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00206 https://api.first.org/data/v1/epss?cve=CVE-2023-27579
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-5w96-866f-6rm8
cvssv3.1 7.5 https://github.com/tensorflow/tensorflow
generic_textual HIGH https://github.com/tensorflow/tensorflow
cvssv3.1 7.5 https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
generic_textual HIGH https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
ssvc Track https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
cvssv3.1 7.5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
cvssv3.1_qr HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
generic_textual HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
ssvc Track https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-27579
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-27579
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-27579
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
https://nvd.nist.gov/vuln/detail/CVE-2023-27579
GHSA-5w96-866f-6rm8 https://github.com/advisories/GHSA-5w96-866f-6rm8
GHSA-5w96-866f-6rm8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/ Found at https://github.com/tensorflow/tensorflow/commit/34f8368c535253f5c9cb3a303297743b62442aaa
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-19T20:44:58Z/ Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5w96-866f-6rm8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-27579
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.42803
EPSS Score 0.00206
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:00:05.677513+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow-gpu/CVE-2023-27579.yml 38.6.0