CVE-2022-23570: TensorFlow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a nul
Summary
TensorFlow, an open-source machine learning framework, has a bug where it can crash or behave unpredictably when decoding certain data structures (protobuf, a format for storing structured data) if some required information is missing. The problem occurs because the code only checks for this issue in debug builds (test versions), not in production builds (versions used in real applications), so real users may experience crashes or undefined behavior.
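The debug-only check pattern described in the summary, next to a check that runs in every build, as an added example (not TensorFlow's code). The macro, struct and function names are hypothetical, and the missing information is modelled here as a null pointer field.

```cpp
#include <cstdio>
#include <cstdlib>
#include <string>

// Hypothetical debug-only check: active only when EXAMPLE_DEBUG_BUILD is
// defined, compiled to nothing in every other build.
#ifdef EXAMPLE_DEBUG_BUILD
#define EXAMPLE_DCHECK(cond) \
  do { if (!(cond)) { std::fprintf(stderr, "check failed: %s\n", #cond); std::abort(); } } while (0)
#else
#define EXAMPLE_DCHECK(cond) do { } while (0)
#endif

// Constructed message type: `shape` models a field the sender may omit.
struct ExampleShape { int dims; };
struct ExampleTensorMsg {
  const ExampleShape* shape;  // nullptr when the field is missing
  std::string payload;
};

// "Before" pattern: validation exists only in debug builds, so a production
// build reaches the dereference with shape == nullptr (undefined behaviour).
int DecodeDebugOnlyCheck(const ExampleTensorMsg& msg) {
  EXAMPLE_DCHECK(msg.shape != nullptr);
  return msg.shape->dims;
}

// Hardened pattern: the check runs in every build and a malformed message
// is reported as an error instead of being dereferenced.
bool DecodeChecked(const ExampleTensorMsg& msg, int* dims_out) {
  if (msg.shape == nullptr) return false;
  *dims_out = msg.shape->dims;
  return true;
}

// True when the debug-only check has been compiled out of this build.
bool DebugCheckCompiledOut() {
#ifdef EXAMPLE_DEBUG_BUILD
  return false;
#else
  return true;
#endif
}

int main() {
  ExampleTensorMsg missing{nullptr, "constructed payload"};
  int dims = 0;
  std::printf("debug check compiled out: %d\n", DebugCheckCompiledOut());
  std::printf("checked decode accepted: %d\n", DecodeChecked(missing, &dims));
  return 0;
}
```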
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1 and TensorFlow 2.6.3 will also receive this fix through a cherrypick (backporting the fix to older supported versions).
Vulnerability Details
6.5 (medium)
EPSS: 0.5%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23570
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%