{"data":{"id":"86ea389d-d510-43f8-90d5-365fe35dd1db","title":"CVE-2022-41890: TensorFlow is an open source platform for machine learning. If `BCast::ToShape` is given input larger than an `int32`, i","summary":"TensorFlow is a machine learning platform that had a bug where a function called `BCast::ToShape` would crash when given very large numbers (larger than an `int32`, which is a 32-bit integer) even though it was designed to handle even larger numbers called `int64`. This bug could be triggered by using the `tf.experimental.numpy.outer` function with large inputs.","solution":"The issue was patched in GitHub commit 8310bf8dd188ff780e7fc53245058215a05bdbe5. The fix will be included in TensorFlow 2.11, and will also be backported (applied to earlier versions) in TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41890","publishedAt":"2022-11-19T03:15:16.160Z","cveId":"CVE-2022-41890","cweIds":["CWE-704"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00121,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}