AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-41898: TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFl

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 18, 2022CVE-2022-41898

Summary

TensorFlow, an open source machine learning platform, crashes when a function called `SparseFillEmptyRowsGrad` receives empty inputs instead of data. This happens because the code doesn't properly validate (check) what data it receives before trying to process it.

Solution / Mitigation

The fix is included in TensorFlow version 2.11. For users still on older supported versions, patches were also applied to TensorFlow 2.10.1, 2.9.3, and 2.8.4. Users should update to one of these patched versions. The specific patch commit is af4a6a3c8b95022c351edae94560acc61253a1b8 on GitHub.

Vulnerability Details

CVSS Score

4.8(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-20

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:41 PM

Classified by LLM (prompt v3) · confidence: 95%