CVE-2022-41896: TensorFlow is an open source platform for machine learning. If `ThreadUnsafeUnigramCandidateSampler` is given input `fil
medium · vulnerability
security
Summary
TensorFlow (an open-source platform for machine learning) has a vulnerability where a function called `ThreadUnsafeUnigramCandidateSampler` crashes if it receives an input value for `filterbank_channel_count` that exceeds the maximum allowed size. This is caused by improper input validation (failure to check that user-provided values are within acceptable limits).
Solution / Mitigation
The fix is included in TensorFlow 2.11. The patch has also been backported to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these versions or later.
Vulnerability Details
CVSS Score
4.8 (medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Trivial
Impact (CIA+S)
availability
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41896
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%