{"data":{"id":"e8cbff9c-bd0b-4885-a6b6-e3f8a5165145","title":"CVE-2022-21732: Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger","summary":"TensorFlow (an open source machine learning framework) has a vulnerability in its `ThreadPoolHandle` component that allows attackers to cause a denial of service attack (making a service unavailable by overwhelming it) by allocating excessive memory. The problem exists because the code only checks that the `num_threads` argument is not negative, but does not limit how large the value can be.","solution":"The fix will be included in TensorFlow 2.8.0 and will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 (which are still supported versions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-21732","publishedAt":"2022-02-03T17:15:07.933Z","cveId":"CVE-2022-21732","cweIds":["CWE-770"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0022,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}