{"data":{"id":"1d63e3d3-8136-49df-8848-ace17fb0ad27","title":"CVE-2022-41899: TensorFlow is an open source platform for machine learning. Inputs `dense_features` or `example_state_data` not of rank ","summary":"TensorFlow (an open source machine learning platform) has a bug where certain inputs with incorrect dimensions crash the SdcaOptimizer component due to a failed validation check. This happens when `dense_features` or `example_state_data` inputs don't have the expected 2D structure (rank 2, meaning a table with rows and columns).","solution":"The fix is included in TensorFlow 2.11. For users on earlier versions, the patch will also be available in TensorFlow 2.10.1, 2.9.3, and 2.8.4. The specific fix is referenced in GitHub commit 80ff197d03db2a70c6a111f97dcdacad1b0babfa.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41899","publishedAt":"2022-11-19T03:15:19.817Z","cveId":"CVE-2022-41899","cweIds":["CWE-20","CWE-617"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00158,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}