{"data":{"id":"3dd40cbc-1d72-44af-b77f-93e74dc1f9a3","title":"CVE-2022-41901: TensorFlow is an open source platform for machine learning. An input `sparse_matrix` that is not a matrix with a shape w","summary":"TensorFlow, an open source machine learning platform, has a bug where invalid input to the `SparseMatrixNNZ` function (a function that counts non-zero values in a sparse matrix, which is a matrix stored efficiently by only keeping non-zero elements) causes the program to crash with a CHECK fail (an assertion error, where the program stops because a required condition wasn't met). This vulnerability affects multiple versions of TensorFlow.","solution":"The issue has been patched in GitHub commit f856d02e5322821aad155dad9b3acab1e9f5d693. The fix is included in TensorFlow 2.11 and has been backported (adapted for older versions) to TensorFlow 2.10.1, 2.9.3, and 2.8.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41901","publishedAt":"2022-11-19T03:15:20.907Z","cveId":"CVE-2022-41901","cweIds":["CWE-20","CWE-617"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00296,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}