{"data":{"id":"42696154-9a80-4f3d-9348-b55480c91d27","title":"CVE-2022-35990: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_per_chann","summary":"A vulnerability in TensorFlow (an open source platform for machine learning) allows attackers to crash the system by sending specially formatted inputs to a specific function called `tf.quantization.fake_quant_with_min_max_vars_per_channel_gradient`, causing a denial of service attack (where a system becomes unavailable). The issue occurs when the function receives input parameters with the wrong structure (rank other than 1).","solution":"The vulnerability was patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix is included in TensorFlow 2.10.0 and will also be backported (applied to older versions still receiving updates) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35990","publishedAt":"2022-09-17T02:15:11.727Z","cveId":"CVE-2022-35990","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}