{"data":{"id":"6b89bf65-1123-48a1-972a-7a55d8e29748","title":"CVE-2022-36013: TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to ","summary":"TensorFlow (an open source platform for machine learning) crashes when a component called mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs (data structures that define operations) without an operation name. This is a crash vulnerability that could cause the software to stop working unexpectedly.","solution":"The fix is included in TensorFlow 2.10.0 and will be cherrypicked (a process of applying specific fixes to older versions) into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. The source notes there are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36013","publishedAt":"2022-09-17T03:15:11.127Z","cveId":"CVE-2022-36013","cweIds":["CWE-476"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00211,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}