{"data":{"id":"f89437e1-7fd4-40d8-aed9-80ff2a037806","title":"CVE-2022-35979: TensorFlow is an open source platform for machine learning. If `QuantizedRelu` or `QuantizedRelu6` are given nonscalar i","summary":"TensorFlow (an open-source machine learning platform) has a vulnerability where two functions called `QuantizedRelu` and `QuantizedRelu6` crash when given certain types of incorrect inputs for their `min_features` or `max_features` parameters, which attackers could exploit to cause a denial of service attack (making the system unavailable).","solution":"The issue has been patched in GitHub commit 49b3824d83af706df0ad07e4e677d88659756d89. The fix is included in TensorFlow 2.10.0 and will be backported (applied to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. No workarounds are available, so users must update to a patched version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35979","publishedAt":"2022-09-17T02:15:11.117Z","cveId":"CVE-2022-35979","cweIds":["CWE-20"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}