{"data":{"id":"5658ad43-a090-45e2-a53a-d3e5b21aae19","title":"CVE-2022-41907: TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.ResizeNearestNeighborGrad` function where a large `size` input causes an integer overflow (a calculation error where a number becomes too big for its storage space). This bug allows an attacker to potentially crash the system or execute malicious code.","solution":"The fix is included in TensorFlow 2.11 and has been backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The specific patch is available in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41907","publishedAt":"2022-11-19T03:15:21.277Z","cveId":"CVE-2022-41907","cweIds":["CWE-131"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00126,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}