{"data":{"id":"7819d423-fbfa-4f02-9cfd-813f4710fd73","title":"CVE-2022-23582: Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `S","summary":"A vulnerability in TensorFlow (an open-source machine learning framework) allows attackers to cause a denial of service (making a service unavailable) by modifying a SavedModel (a serialized TensorFlow model) so that the TensorByteSize function crashes. The problem occurs because the TensorShape constructor crashes when it encounters partial shapes (incomplete dimension information) or very large numbers, instead of gracefully handling them like PartialTensorShape does.","solution":"The fix will be included in TensorFlow 2.8.0. Additionally, the patch will be backported (applied to earlier versions still receiving support) to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23582","publishedAt":"2022-02-05T04:15:14.767Z","cveId":"CVE-2022-23582","cweIds":["CWE-617"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}