{"data":{"id":"36b4d6e2-cc1e-46e1-9658-3abad4187b91","title":"CVE-2022-21737: Tensorflow is an Open Source Machine Learning Framework. The implementation of `*Bincount` operations allows malicious u","summary":"TensorFlow (an open-source machine learning framework) has a vulnerability in its Bincount operations that allows attackers to crash the system (denial of service) by sending specially crafted arguments that trigger internal safety checks to fail. The problem occurs because some invalid input conditions aren't caught early enough during the system's processing stages, leading to crashes when the system tries to allocate memory for output data.","solution":"The fix will be included in TensorFlow 2.8.0. The fix will also be backported (applied to older versions) in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-21737","publishedAt":"2022-02-03T19:15:08.363Z","cveId":"CVE-2022-21737","cweIds":["CWE-754","CWE-754"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}