{"data":{"id":"0a143935-9896-4b12-a8eb-3f15ad0b0c79","title":"CVE-2022-41896: TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `filterbank_channel_count` greater than the allowed max size, TensorFlow will crash.","summary":"TensorFlow (an open-source platform for machine learning) has a vulnerability where a function called `ThreadUnsafeUnigramCandidateSampler` crashes if it receives an input value for `filterbank_channel_count` that exceeds the maximum allowed size. This is caused by improper input validation (failure to check that user-provided values are within acceptable limits).","solution":"The fix is included in TensorFlow 2.11. The patch has also been backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these versions or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41896","publishedAt":"2022-11-19T03:15:18.590Z","cveId":"CVE-2022-41896","cweIds":["CWE-20","CWE-1284"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00158,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}