{"data":{"id":"bd4f6445-5b08-48e3-8d35-8be9d36b449d","title":"CVE-2022-21726: TensorFlow is an Open Source Machine Learning Framework. The implementation of `Dequantize` does not fully validate the value of `axis`","summary":"TensorFlow, an open-source machine learning framework, has a bug in its `Dequantize` function: the `axis` parameter (which specifies which dimension to operate on) is not fully validated. An attacker can use this to trigger a heap OOB (out-of-bounds) read, that is, a read of memory past the end of the intended array, potentially crashing the process or exposing sensitive data.","solution":"The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 through backported commits (cherrypicks).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-21726","publishedAt":"2022-02-03T16:15:07.810Z","cveId":"CVE-2022-21726","cweIds":["CWE-125","CWE-125"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00296,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}