{"data":{"id":"90879387-9166-4301-a862-d64eed7f0aac","title":"CVE-2022-21725: Tensorflow is an Open Source Machine Learning Framework. The estimator for the cost of some convolution operations can b","summary":"TensorFlow (an open-source machine learning framework) has a bug where a cost estimator for convolution operations can be forced to divide by zero because it doesn't check that the stride argument (a parameter controlling step size in operations) is positive. The fix adds validation to ensure the stride is valid before the operation runs.","solution":"The fix will be included in TensorFlow 2.8.0. The fix will also be back-ported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-21725","publishedAt":"2022-02-03T18:15:07.870Z","cveId":"CVE-2022-21725","cweIds":["CWE-369","CWE-369"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}