{"data":{"id":"f5d2f6ea-2932-4565-a8c0-96b6e947b1b0","title":"CVE-2022-36005: TensorFlow is an open source platform for machine learning. When `tf.quantization.fake_quant_with_min_max_vars_gradient`","summary":"TensorFlow, an open source platform for machine learning, has a vulnerability in its `tf.quantization.fake_quant_with_min_max_vars_gradient` function where nonscalar (multi-dimensional) input values for `min` or `max` parameters cause a CHECK fail, which is a crash that could enable a denial of service attack (disrupting service availability). The vulnerability affects multiple supported versions of TensorFlow.","solution":"The issue has been patched in GitHub commit f3cf67ac5705f4f04721d15e485e192bb319feed. The fix will be included in TensorFlow 2.10.0, and will also be backported to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. There are no known workarounds.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-36005","publishedAt":"2022-09-17T03:15:10.937Z","cveId":"CVE-2022-36005","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00067,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}