{"data":{"id":"61cbb705-0840-4d90-a940-006c20236e8e","title":"CVE-2022-23561: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write o","summary":"An attacker can create a malicious TFLite model (a compressed machine learning format for mobile devices) that writes data outside the boundaries of an array in TensorFlow, potentially overwriting the memory allocator's linked list (a data structure that tracks available memory) to achieve arbitrary write access to system memory. This vulnerability affects multiple versions of TensorFlow, an open-source framework for building AI systems.","solution":"The fix will be included in TensorFlow 2.8.0. The same fix will also be cherry-picked (backported) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23561","publishedAt":"2022-02-05T04:15:13.793Z","cveId":"CVE-2022-23561","cweIds":["CWE-787"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00175,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}