{"data":{"id":"d9ee64ee-55c2-4153-86ef-47439c63d51e","title":"CVE-2022-23587: TensorFlow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize.","summary":"TensorFlow, an open-source machine learning framework, has a vulnerability in its Grappler component (a tool that optimizes computational graphs) that causes an integer overflow (when a number becomes too large to store) during cost estimation for crop and resize operations. Since attackers can control the cropping parameters, they can trigger undefined behavior (unpredictable actions that may crash the system or cause other problems).","solution":"The fix will be included in TensorFlow 2.8.0. The same fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these versions are still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-23587","publishedAt":"2022-02-05T04:15:15.033Z","cveId":"CVE-2022-23587","cweIds":["CWE-190","CWE-190"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00295,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}