{"data":{"id":"7635e681-8864-4b62-a5d3-fe7c9a03376b","title":"CVE-2022-23571: Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can ","summary":"TensorFlow (an open source machine learning framework) has a vulnerability where attackers can crash TensorFlow processes by sending specially crafted data with invalid tensor types or shapes during decoding from protobuf (a data format used to serialize structured data). This is a denial of service attack, meaning the attacker can make the system stop working rather than gain unauthorized access.","solution":"The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23571","publishedAt":"2022-02-05T04:15:14.170Z","cveId":"CVE-2022-23571","cweIds":["CWE-617","CWE-617"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00118,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}