{"data":{"id":"2a05039f-e19e-4f8d-aece-19958be853bc","title":"CVE-2022-35968: TensorFlow is an open source platform for machine learning. The implementation of `AvgPoolGrad` does not fully validate ","summary":"TensorFlow, an open source machine learning platform, has a bug in the `AvgPoolGrad` function where it doesn't properly check the input parameter `orig_input_shape`. This incomplete validation causes a CHECK failure (a crash that stops the program), which attackers can exploit to perform a denial of service attack (making the system unavailable to legitimate users).","solution":"The issue has been patched in GitHub commit 3a6ac52664c6c095aa2b114e742b0aa17fdce78f. The fix will be included in TensorFlow 2.10.0, and will be backported (added to older versions still being supported) in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35968","publishedAt":"2022-09-17T01:15:09.163Z","cveId":"CVE-2022-35968","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00067,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}