CVE-2022-23575: Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSiz
Summary
TensorFlow, an open-source machine learning framework, has a vulnerability in its `OpLevelCostEstimator::CalculateTensorSize` function that can be exploited through integer overflow (a type of bug where numbers become too large for the program to handle correctly). An attacker could trigger this by creating an operation with a tensor (a multi-dimensional array of data) containing an extremely large number of elements.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.
Vulnerability Details
6.5(medium)
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2024-5452: A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to im
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23575
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%