{"data":{"id":"bc91a94c-758d-49fb-83c0-72b4fe2ca87b","title":"CVE-2022-35937: TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the s","summary":"TensorFlow's `GatherNd` function (an operation that retrieves values from arrays based on index locations) contains an out-of-bounds memory read (CWE-125). The function does not properly check whether its inputs exceed the expected output sizes, so when certain input sizes are too large it can read memory it should not access, potentially exposing sensitive data or crashing the system.","solution":"The fix will be included in TensorFlow 2.10.0. Patched versions will also be available in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. The source notes there are no known workarounds for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35937","publishedAt":"2022-09-17T00:15:10.110Z","cveId":"CVE-2022-35937","cweIds":["CWE-125"],"cvssScore":"7","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0012,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}