{"data":{"id":"1888fb77-2ba6-4085-a26e-9905286a1950","title":"CVE-2022-36003: TensorFlow is an open source platform for machine learning. When `RandomPoissonV2` receives large input shape and rates,","summary":"TensorFlow (an open source machine learning platform) has a vulnerability in its `RandomPoissonV2` function where large input values can cause a CHECK fail (a safety check that stops execution), allowing attackers to trigger a denial of service attack (making the system unavailable). The vulnerability affects multiple versions of TensorFlow.","solution":"The issue has been patched in GitHub commit 552bfced6ce4809db5f3ca305f60ff80dd40c5a3. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36003","publishedAt":"2022-09-17T03:15:10.823Z","cveId":"CVE-2022-36003","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}