{"data":{"id":"32644472-8c2d-4422-a97b-b830d20f9124","title":"CVE-2022-41898: TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFl","summary":"TensorFlow, an open source machine learning platform, crashes when a function called `SparseFillEmptyRowsGrad` receives empty inputs instead of data. This happens because the code doesn't properly validate (check) what data it receives before trying to process it.","solution":"The fix is included in TensorFlow version 2.11. For users still on older supported versions, patches were also applied to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The specific patch commit is af4a6a3c8b95022c351edae94560acc61253a1b8 on GitHub.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41898","publishedAt":"2022-11-19T03:15:19.420Z","cveId":"CVE-2022-41898","cweIds":["CWE-20"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00158,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}