{"data":{"id":"3a4399bc-55e4-40ab-8a42-fe5db75e4dbf","title":"CVE-2022-23560: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited r","summary":"TensorFlow, an open-source machine learning framework, has a vulnerability in TFLite (TensorFlow Lite, a lightweight version for mobile devices) where an attacker can create a specially crafted model that allows limited reads and writes outside of arrays by exploiting missing validation during conversion from sparse tensors (data structures with mostly empty values) to dense tensors (fully populated data structures). This vulnerability affects multiple versions of TensorFlow.","solution":"Upgrade to TensorFlow 2.8.0. For users on earlier supported versions, patches are also available in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3. Users are advised to upgrade as soon as possible.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23560","publishedAt":"2022-02-05T04:15:13.737Z","cveId":"CVE-2022-23560","cweIds":["CWE-125","CWE-787"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00296,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100","CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}