AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-23589: Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can t

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 4, 2022CVE-2022-23589

Summary

TensorFlow, a machine learning framework, has a vulnerability (CVE-2022-23589) in its Grappler component (a graph optimization tool) that can cause a null pointer dereference (crash from accessing invalid memory) when processing maliciously altered SavedModel files (serialized machine learning models). The bug occurs in two places during optimization operations and can be triggered by missing required nodes in the computation graph.

Solution / Mitigation

The fix will be included in TensorFlow 2.8.0. The patch will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%