{"data":{"id":"d9b6d5e5-0a92-4b91-b9fc-4633eddf1b6e","title":"CVE-2022-41891: TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in which the `tf.raw_ops.TensorListConcat` operation crashes with a segmentation fault (a memory error that causes a program to suddenly stop) when it is given `element_shape=[]`. The crash can be exploited to cause a denial of service (making the service unavailable to users).","solution":"The fix is included in TensorFlow 2.11 and will be cherry-picked (backported) to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users can refer to GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde for the patch details.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-41891","publishedAt":"2022-11-19T03:15:16.657Z","cveId":"CVE-2022-41891","cweIds":["CWE-20"],"cvssScore":"4.8","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00158,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}