{"data":{"id":"fcc9cd8e-d2f2-4bbb-b351-33876f467e75","title":"CVE-2022-35989: TensorFlow is an open source platform for machine learning. When `MaxPool` receives a window size input array `ksize` wi","summary":"TensorFlow (an open source platform for machine learning) has a vulnerability in its MaxPool function, which crashes when given a window size array with dimensions larger than the input data, allowing attackers to cause a denial of service attack (making the system unavailable). The issue has been patched and will be fixed in upcoming versions.","solution":"The fix is included in TensorFlow 2.10.0 and will be cherrypicked into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. No workarounds are available.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-35989","publishedAt":"2022-09-17T02:15:11.667Z","cveId":"CVE-2022-35989","cweIds":["CWE-617"],"cvssScore":"5.9","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00061,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}