{"data":{"id":"2f3eec2b-6b08-46be-9cb3-a364346fc20c","title":"CVE-2022-35994: TensorFlow is an open source platform for machine learning. When `CollectiveGather` receives an scalar input `input`, it","summary":"TensorFlow (an open source platform for machine learning) has a vulnerability where a function called `CollectiveGather` crashes when it receives a scalar input (a single number rather than a list of numbers), allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been fixed and will be released in upcoming versions of TensorFlow.","solution":"The fix is included in TensorFlow 2.10.0. It will also be backported (added to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. There are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35994","publishedAt":"2022-09-17T03:15:10.290Z","cveId":"CVE-2022-35994","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00039,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}