AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-36015: TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `in

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 16, 2022CVE-2022-36015

Summary

TensorFlow (an open source platform for machine learning) has a bug where the `RangeSize` function crashes when it receives numbers too large to fit into an `int64_t` (a 64-bit integer data type). This is caused by an integer overflow (when a number becomes too large for its data type to handle).

Solution / Mitigation

Update to TensorFlow 2.10.0, or apply the patch from GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. Users of TensorFlow 2.9.1, 2.8.1, or 2.7.2 should also update to patched versions of those releases. The source states: 'There are no known workarounds for this issue.'

Vulnerability Details

CVSS Score

5.9(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-190

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-36015

First tracked: February 15, 2026 at 08:41 PM

Classified by LLM (prompt v3) · confidence: 95%