{"data":{"id":"56d403e9-9dd8-458f-892f-cd6e7fe1d6d1","title":"CVE-2022-23570: Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a nul","summary":"TensorFlow, an open-source machine learning framework, has a bug where it can crash or behave unpredictably when decoding a tensor from protobuf (a format for storing structured data) if some required information is missing. The check for this condition is only active in debug builds (test versions), where it stops the program with an assertion failure; in production builds (versions used in real applications) the check does nothing, so the code goes on to dereference a null pointer, and real users may experience crashes or undefined behavior.","solution":"The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1 and TensorFlow 2.6.3 will also receive this fix through a cherrypick (backporting the fix to older supported versions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23570","publishedAt":"2022-02-05T04:15:14.113Z","cveId":"CVE-2022-23570","cweIds":["CWE-476","CWE-476","CWE-617"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00509,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}