{"data":{"id":"fd339557-c5e5-4874-bb42-ef6c1b9e373d","title":"CVE-2022-29198: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in a function called `tf.raw_ops.SparseTensorToCSRSparseMatrix` that doesn't properly check its inputs before processing them. This missing validation allows attackers to cause a denial of service attack (making the system crash or become unavailable) by sending specially crafted data that violates the expected format for sparse tensors (data structures that store mostly empty values efficiently).","solution":"Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later, as these versions contain a patch for this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2022-29198","publishedAt":"2022-05-21T02:16:40.810Z","cveId":"CVE-2022-29198","cweIds":["CWE-20"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00044,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}