{"data":{"id":"831e07ef-1883-49fa-b9f1-b3f43bc8fa2e","title":"CVE-2022-41897: TensorFlow is an open source platform for machine learning. If `FractionMaxPoolGrad` is given outsize inputs `row_poolin","summary":"TensorFlow (an open-source machine learning platform) crashes when a function called `FractionMaxPoolGrad` receives oversized inputs for `row_pooling_sequence` and `col_pooling_sequence` parameters. This is caused by an out-of-bounds read (accessing memory locations outside the intended range), which allows the program to fail unexpectedly.","solution":"The patch is available in GitHub commit d71090c3e5ca325bdf4b02eb236cfb3ee823e927. Users should upgrade to TensorFlow 2.11, or apply the patch to supported earlier versions: 2.10.1, 2.9.3, and 2.8.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41897","publishedAt":"2022-11-19T03:15:19.060Z","cveId":"CVE-2022-41897","cweIds":["CWE-125"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00127,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}