{"data":{"id":"30789b76-b092-48ad-b2c2-0e8c20cd2787","title":"CVE-2022-35965: TensorFlow is an open source platform for machine learning. If `LowerBound` or `UpperBound` is given an empty`sorted_inp","summary":"TensorFlow (an open source platform for machine learning) has a bug where the `LowerBound` or `UpperBound` functions crash if given an empty input list, causing a nullptr dereference (trying to access memory that doesn't exist). This crash can be exploited to launch a denial of service attack (making the system unavailable to legitimate users).","solution":"The issue was patched in GitHub commit bce3717eaef4f769019fd18e990464ca4a2efeea. The fix will be included in TensorFlow 2.10.0 and will also be back-ported (applied retroactively) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35965","publishedAt":"2022-09-17T01:15:08.967Z","cveId":"CVE-2022-35965","cweIds":["CWE-476"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00071,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}