AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-35934: TensorFlow is an open source platform for machine learning. The implementation of tf.reshape op in TensorFlow is vulnera

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 16, 2022CVE-2022-35934

Summary

TensorFlow's tf.reshape operation (a function that changes a tensor's shape without altering its data) has a vulnerability that allows attackers to crash the program by causing an integer overflow (when a number exceeds the maximum value a system can store), triggering a denial of service attack (making the service unavailable). The issue affects multiple versions of TensorFlow and has been patched.

Solution / Mitigation

Update to TensorFlow 2.10.0, or apply the cherrypick to versions 2.9.1, 2.8.1, or 2.7.2 (the patched versions for users on older supported releases). The fix is included in GitHub commit 61f0f9b94df8c0411f0ad0ecc2fec2d3f3c33555. There are no known workarounds for this issue.

Vulnerability Details

CVSS Score

5.9(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

DoS

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-617 CWE-617

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:41 PM

Classified by LLM (prompt v3) · confidence: 95%