{"data":{"id":"a210155f-31a4-4ebb-98e5-c4b33beb43a5","title":"CVE-2022-23590: Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously ","summary":"TensorFlow (an open source machine learning framework) has a vulnerability where a maliciously altered GraphDef (a representation of a machine learning model's computation graph) from a SavedModel can crash a TensorFlow process by forcing extraction of a value from a StatusOr (a data structure that holds either a valid result or an error state). The issue affects both TensorFlow 2.7 and 2.8 versions.","solution":"The issue has been patched in TensorFlow 2.8.0 and TensorFlow 2.7.1. Users should upgrade to these versions or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23590","publishedAt":"2022-02-05T04:15:15.200Z","cveId":"CVE-2022-23590","cweIds":["CWE-754"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00239,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}