{"data":{"id":"4ae97672-018f-415a-bb7b-16a41a14cd5e","title":"CVE-2022-41880: TensorFlow is an open source platform for machine learning. When the `BaseCandidateSamplerOp` function receives a value ","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in the `BaseCandidateSamplerOp` function that causes a heap OOB read (out-of-bounds read, where a program accesses memory it shouldn't) when it receives certain invalid input values. This is a memory safety bug that could allow attackers to read sensitive data from the program's memory.","solution":"The issue has been patched in GitHub commit b389f5c944cadfdfe599b3f1e4026e036f30d2d4. Users should update to TensorFlow 2.11, or if using earlier versions, update to TensorFlow 2.10.1, 2.9.3, or 2.8.4, which will also receive the fix through a cherry-pick (backporting the patch to older supported versions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41880","publishedAt":"2022-11-19T03:15:10.007Z","cveId":"CVE-2022-41880","cweIds":["CWE-125"],"cvssScore":"6.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00155,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}