{"data":{"id":"11e25a68-8a3d-4ffb-8558-de0da563a898","title":"CVE-2022-35998: TensorFlow is an open source platform for machine learning. If `EmptyTensorList` receives an input `element_shape` with ","summary":"TensorFlow, an open source platform for machine learning, has a vulnerability in its `EmptyTensorList` function that crashes when given certain inputs, allowing attackers to trigger a denial of service attack (making a service unavailable by overwhelming it). The bug occurs when the function receives an `element_shape` input with more than one dimension.","solution":"The issue is patched in GitHub commit c8ba76d48567aed347508e0552a257641931024d. Users should update to TensorFlow 2.10.0, or for those on earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2 (which will include a cherrypicked fix). No workarounds exist for this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35998","publishedAt":"2022-09-17T03:15:10.527Z","cveId":"CVE-2022-35998","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0007,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}