{"data":{"id":"85fbbb50-9abf-4063-8d79-58604bf33bad","title":"CVE-2022-41894: TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow L","summary":"The reference kernel of TensorFlow Lite's `CONV_3D_TRANSPOSE` operator (a transposed 3D convolution) had a bug where it incorrectly calculated memory addresses when adding bias values, potentially allowing an attacker to write data outside the intended memory area (buffer overflow, where data gets written beyond allocated boundaries). The vulnerability only affects users whose interpreter uses the reference kernel resolver.","solution":"The issue was patched in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11, and will be backported to TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41894","publishedAt":"2022-11-19T03:15:17.523Z","cveId":"CVE-2022-41894","cweIds":["CWE-120"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00215,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}