{"data":{"id":"22fc1ef4-4c77-467b-9b74-7ec9fea14966","title":"CVE-2022-36011: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv","summary":"TensorFlow, an open source machine learning platform, has a bug where a specific function crashes with a null dereference (trying to use a memory address that doesn't exist) when given empty function attributes. The issue affects multiple versions of TensorFlow and has no known workarounds.","solution":"The issue was patched in GitHub commit 1cf45b831eeb0cab8655c9c7c5d06ec6f45fc41b. The fix will be included in TensorFlow 2.10.0 and will be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36011","publishedAt":"2022-09-17T03:15:11.010Z","cveId":"CVE-2022-36011","cweIds":["CWE-476"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00071,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}