{"data":{"id":"74548612-65d5-442c-95ab-ea1399a9e332","title":"CVE-2022-41900: TensorFlow is an open source platform for machine learning. The security vulnerability results in FractionalMax(AVG)Pool","summary":"TensorFlow (an open source machine learning platform) has a security vulnerability in its FractionalMaxPool and FractionalAvgPool functions when given invalid pooling_ratio values. Attackers can exploit this to access heap memory (the computer's temporary storage area outside normal program control), potentially causing the system to crash or allowing remote code execution (running harmful commands on someone else's computer).","solution":"The vulnerability was patched in GitHub commit 216525144ee7c910296f5b05d214ca1327c9ce48. The fix will be included in TensorFlow 2.11.0, and the patch will also be applied to TensorFlow 2.10.1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41900","publishedAt":"2022-11-19T03:15:20.273Z","cveId":"CVE-2022-41900","cweIds":["CWE-125","CWE-787"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01271,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100","CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}