{"data":{"id":"b39dcd23-f9f3-4b4e-9be0-e7f8b03e22e1","title":"CVE-2022-21739: Tensorflow is an Open Source Machine Learning Framework. The implementation of `QuantizedMaxPool` has an undefined behav","summary":"TensorFlow (an open source machine learning framework) has a bug in its `QuantizedMaxPool` function where user-controlled inputs can trigger a null pointer dereference (a crash caused by the program trying to access memory that doesn't exist). The vulnerability allows attackers to potentially cause the program to crash or behave unpredictably.","solution":"The fix will be included in TensorFlow 2.8.0. The patch will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3. Users should update to one of these versions or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-21739","publishedAt":"2022-02-03T19:15:08.510Z","cveId":"CVE-2022-21739","cweIds":["CWE-476","CWE-476"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00221,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}