{"data":{"id":"ec03d54d-570a-40f3-99bf-2f28551acd47","title":"CVE-2022-36012: TensorFlow is an open source platform for machine learning. When `mlir::tfg::ConvertGenericFunctionToFunctionDef` is giv","summary":"TensorFlow (an open source platform for machine learning) crashes when a specific internal function called `mlir::tfg::ConvertGenericFunctionToFunctionDef` receives empty function attributes (data describing how a function should behave). This is a reachable assertion vulnerability, meaning the program encounters an unexpected condition it cannot handle.","solution":"Update to TensorFlow 2.10.0, or apply the patch from GitHub commit ad069af92392efee1418c48ff561fd3070a03d7b. Users of earlier versions should also update to TensorFlow 2.9.1, 2.8.1, or 2.7.2, which will also include this fix.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36012","publishedAt":"2022-09-17T03:15:11.070Z","cveId":"CVE-2022-36012","cweIds":["CWE-617","CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00181,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}