AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-23576: Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSiz

mediumvulnerability

security

Source: NVD/CVE DatabaseFebruary 4, 2022CVE-2022-23576

Summary

TensorFlow (an open-source machine learning framework) has a vulnerability in its `OpLevelCostEstimator::CalculateOutputSize` function where an integer overflow (when a calculation produces a number too large for the system to handle) can occur if an attacker creates an operation with tensors (multi-dimensional arrays of numbers) containing enough elements. The vulnerability can be triggered either by using many dimensions or by making individual dimensions large enough to cause the overflow.

Solution / Mitigation

The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3.

Vulnerability Details

CVSS Score

6.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-190

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%