CVE-2023-25801: 
Python vulnerability analysis and mitigation

TensorFlow, an open source machine learning platform, disclosed a vulnerability (CVE-2023-25801) affecting versions prior to 2.12.0 and 2.11.1. The vulnerability was discovered in the nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 functions, where the first and fourth elements of their parameter pooling_ratio must be equal to 1.0, as pooling on batch and channel dimensions is not supported (GitHub Advisory, NVD).

The vulnerability is classified as a double free issue in the Fractional(Max/Avg)Pool operations. The CVSS v3.1 base score is 7.8 (HIGH), with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs when the pooling_ratio parameter contains invalid values for batch and channel dimensions (NVD).

If exploited, this vulnerability could lead to a double free condition, potentially resulting in program crashes or remote code execution. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of the system (NVD).

The vulnerability has been patched in TensorFlow versions 2.12.0 and 2.11.1. The fix was implemented through GitHub commit ee50d1e00f81f62a4517453f721c634bbb478307. Users are advised to upgrade to these patched versions to mitigate the vulnerability (GitHub Advisory).