CVE-2022-29202: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Summary
A vulnerability in TensorFlow (an open source platform for machine learning) versions prior to 2.9.0, 2.8.1, 2.7.2, and 2.6.4 allows attackers to cause a denial of service (making a system unavailable by consuming all available memory) by exploiting the `tf.ragged.constant` function, which does not properly check its input arguments. The vulnerability exists because of improper input validation (checking that data meets expected requirements before using it).
Solution / Mitigation
Update TensorFlow to version 2.9.0, 2.8.1, 2.7.2, or 2.6.4 or later. The source states: 'Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.'
Vulnerability Details
5.5(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-29202
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%