{"data":{"id":"431320cb-3033-4b35-8c6a-0fbf127e7334","title":"CVE-2022-23572: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a ty","summary":"TensorFlow (an open source machine learning framework) has a bug where it sometimes fails to determine data types correctly during shape inference (the process of figuring out what dimensions data will have). The bug is hidden in production builds because assertion checks are disabled, causing the program to crash when it tries to use an error result as if it were valid data.","solution":"The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1 and TensorFlow 2.6.3, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23572","publishedAt":"2022-02-05T04:15:14.230Z","cveId":"CVE-2022-23572","cweIds":["CWE-754","CWE-617"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00507,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}