{"data":{"id":"1ccf456c-57ef-4cb2-8274-b1d814bc4120","title":"CVE-2022-23573: Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitia","summary":"TensorFlow's `AssignOp` (a copy operation in machine learning code) has a bug where it can copy uninitialized data (memory with random or leftover values) to a new tensor, causing unpredictable behavior. The code only checks that the destination is ready, but not the source, leaving room for uninitialized data to be used.","solution":"Update to TensorFlow 2.8.0. If you cannot upgrade immediately, apply backported fixes available in TensorFlow 2.7.1, TensorFlow 2.6.3, or TensorFlow 2.5.3, which are still supported versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23573","publishedAt":"2022-02-05T04:15:14.287Z","cveId":"CVE-2022-23573","cweIds":["CWE-908"],"cvssScore":"7.6","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00295,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}