{"data":{"id":"2a9c70c8-10f1-4b46-9812-e37d6046fe5c","title":"CVE-2022-35971: TensorFlow is an open source platform for machine learning. If `FakeQuantWithMinMaxVars` is given `min` or `max` tensors","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in the `FakeQuantWithMinMaxVars` operation: when its `min` or `max` inputs are supplied as non-scalar tensors (arrays with one or more dimensions rather than single values), a reachable assertion fails (CWE-617) and the process aborts, enabling a denial of service attack (making a system unavailable to users). The vulnerability has been identified and fixed in the codebase.","solution":"The fix is included in TensorFlow 2.10.0. Users of earlier versions should update to TensorFlow 2.9.1, TensorFlow 2.8.1, or TensorFlow 2.7.2, which will receive the patch through a cherry-pick (backporting the fix to older versions). No workarounds are available.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35971","publishedAt":"2022-09-17T01:15:09.360Z","cveId":"CVE-2022-35971","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}