{"data":{"id":"82558dd6-f421-4afb-bd18-6514e56dfcb6","title":"CVE-2022-41893: TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListResize` is given a nonscalar value ","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.TensorListResize` function where providing a nonscalar value (a value that isn't a single number) for the `size` input causes a CHECK fail, which can be exploited to trigger a denial of service attack (making the system crash or become unavailable).","solution":"The issue has been patched in GitHub commit 888e34b49009a4e734c27ab0c43b0b5102682c56. The fix is included in TensorFlow 2.11 and will be backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41893","publishedAt":"2022-11-19T03:15:17.070Z","cveId":"CVE-2022-41893","cweIds":["CWE-617"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00165,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}