{"data":{"id":"1b88fcb1-6585-4d36-9bd9-8e696615d280","title":"CVE-2022-23568: Tensorflow is an Open Source Machine Learning Framework. The implementation of `AddManySparseToTensorsMap` is vulnerable","summary":"TensorFlow (an open-source machine learning framework) has a vulnerability in the `AddManySparseToTensorsMap` function where an integer overflow (when a number gets too large for its storage space) causes the program to crash when creating new TensorShape objects. The problem exists because the code doesn't properly validate input tensor shapes before using them.","solution":"The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 through a cherrypick (applying specific code changes to older versions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23568","publishedAt":"2022-02-03T17:15:08.177Z","cveId":"CVE-2022-23568","cweIds":["CWE-190","CWE-190"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00303,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}