{"data":{"id":"59445781-1f74-4439-a9db-fa434eee0a22","title":"CVE-2022-36001: TensorFlow is an open source platform for machine learning. When `DrawBoundingBoxes` receives an input `boxes` that is n","summary":"TensorFlow (an open-source machine learning platform) has a vulnerability in its `DrawBoundingBoxes` function where receiving input boxes that aren't float data types causes a CHECK fail, which can be exploited to disable the system through a denial of service attack (overwhelming it with requests). The vulnerability affects multiple versions of TensorFlow.","solution":"The issue has been patched in GitHub commit da0d65cdc1270038e72157ba35bf74b85d9bda11. Users should update to TensorFlow 2.10.0, or for earlier versions, update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, as these patched versions are available for affected and still-supported releases. No workarounds exist.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36001","publishedAt":"2022-09-17T03:15:10.707Z","cveId":"CVE-2022-36001","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}