{"data":{"id":"90fccf09-f712-41b6-a241-0baaa4b02b59","title":"CVE-2022-35940: TensorFlow is an open source platform for machine learning. The `RaggedRangOp` function takes an argument `limits` that ","summary":"TensorFlow's `RaggedRangOp` function has a bug where passing a very large float value to the `limits` argument causes it to overflow when converted to an `int64` (a 64-bit integer type), crashing the entire program with an abort signal. This vulnerability affects multiple versions of TensorFlow and has no known workaround.","solution":"The issue has been patched in GitHub commit 37cefa91bee4eace55715eeef43720b958a01192. The fix will be included in TensorFlow 2.10.0, and will also be applied to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35940","publishedAt":"2022-09-17T00:15:10.307Z","cveId":"CVE-2022-35940","cweIds":["CWE-190"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00181,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}