{"data":{"id":"b06de36e-be17-43b9-8852-65bd406a0cb7","title":"CVE-2022-23566: Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The","summary":"TensorFlow, an open-source machine learning framework, has a vulnerability in its Grappler component where the `set_output` function can write data to an array at any index specified by an attacker, creating a heap OOB write (out-of-bounds write, where data is written to memory locations it shouldn't access). This gives a malicious user the ability to write arbitrary data to unintended memory locations.","solution":"The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, 2.6.3, and 2.5.3 will also receive the fix via a cherry-pick (applying specific code changes to older versions), as these versions are still supported and also affected.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23566","publishedAt":"2022-02-05T04:15:14.060Z","cveId":"CVE-2022-23566","cweIds":["CWE-787"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00391,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}