{"data":{"id":"b67b12ff-8636-4782-9b7b-03487c9a2302","title":"CVE-2022-35981: TensorFlow is an open source platform for machine learning. `FractionalMaxPoolGrad` validates its inputs with `CHECK` fa","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its `FractionalMaxPoolGrad` function (a component that processes pooling operations) where it uses CHECK failures instead of returning errors to validate inputs. If someone sends incorrectly sized inputs to this function, they can trigger a denial of service attack (making the system crash or become unresponsive).","solution":"Update TensorFlow to version 2.10.0 or apply the patch from GitHub commit 8741e57d163a079db05a7107a7609af70931def4. The fix is also being included in TensorFlow 2.9.1, 2.8.1, and 2.7.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35981","publishedAt":"2022-09-17T02:15:11.183Z","cveId":"CVE-2022-35981","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}