{"data":{"id":"d92fc731-af9e-46e1-8618-68889264d6d9","title":"CVE-2022-23559: Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations","summary":"TensorFlow (an open-source machine learning framework) has a vulnerability where an attacker can create a malicious TFLite model (a model file for TensorFlow Lite, the lightweight version of TensorFlow for mobile devices) that causes an integer overflow (when a number calculation exceeds the maximum value a computer can store) in embedding lookup operations. This overflow can sometimes lead to heap OOB (out-of-bounds) read/write, meaning access to heap memory outside the intended boundaries, potentially allowing attackers to read or corrupt data.","solution":"Users are advised to upgrade to a patched version. The fixes are in these commits: https://github.com/tensorflow/tensorflow/commit/1de49725a5fc4e48f1a3b902ec3599ee99283043, https://github.com/tensorflow/tensorflow/commit/a4e401da71458d253b05e41f28637b65baf64be4, and https://github.com/tensorflow/tensorflow/commit/f19be71717c497723ba0cea0379e84f061a75e01","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23559","publishedAt":"2022-02-05T04:15:13.673Z","cveId":"CVE-2022-23559","cweIds":["CWE-190","CWE-190"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00517,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}