{"data":{"id":"25d8a35f-8b01-48d6-88c8-c92fe02f1e1b","title":"CVE-2022-35986: TensorFlow is an open source platform for machine learning. If `RaggedBincount` is given an empty input tensor `splits`,","summary":"TensorFlow (an open source machine learning platform) has a bug where the `RaggedBincount` function crashes when given an empty input tensor called `splits`, which can be exploited to launch a denial of service attack (making a service unavailable by overwhelming it). The vulnerability affects multiple versions of the software.","solution":"Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 7a4591fd4f065f4fa903593bc39b2f79530a74b8. If you cannot update to 2.10.0 yet, cherrypicked fixes are also available in TensorFlow 2.9.1, 2.8.1, and 2.7.2. There are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35986","publishedAt":"2022-09-17T02:15:11.487Z","cveId":"CVE-2022-35986","cweIds":["CWE-20"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00066,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}