{"data":{"id":"c08fc03c-6487-4784-a358-115d13855aa4","title":"CVE-2022-35969: TensorFlow is an open source platform for machine learning. The implementation of `Conv2DBackpropInput` requires `input_","summary":"TensorFlow (an open-source machine learning platform) has a bug in the `Conv2DBackpropInput` function where it crashes if the `input_sizes` parameter is not 4-dimensional, allowing attackers to cause a denial of service (making the system unavailable). The issue has been fixed and will be released in upcoming versions.","solution":"The fix is included in TensorFlow 2.10.0. For users on older versions, the patch will be available in TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Update to one of these versions or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35969","publishedAt":"2022-09-17T01:15:09.227Z","cveId":"CVE-2022-35969","cweIds":["CWE-617","CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}