{"data":{"id":"2cd28edf-601b-4edc-881c-7acd44067761","title":"CVE-2022-23594: Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions ","summary":"TensorFlow (an open-source machine learning framework) has a vulnerability in its TFG dialect, which is part of MLIR (a compiler framework for optimizing code). An attacker can modify the SavedModel format (the way trained models are saved to disk) to break assumptions the system makes, which can crash the Python interpreter or cause heap OOB (out-of-bounds memory access, where code reads or writes memory it shouldn't).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23594","publishedAt":"2022-02-05T04:15:15.410Z","cveId":"CVE-2022-23594","cweIds":["CWE-125","CWE-125","CWE-787"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100","CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}