CVE-2022-23575: Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSiz
Summary
TensorFlow, an open-source machine learning framework, has a vulnerability in its `OpLevelCostEstimator::CalculateTensorSize` function that can be exploited through integer overflow (a type of bug where numbers become too large for the program to handle correctly). An attacker could trigger this by creating an operation with a tensor (a multi-dimensional array of data) containing an extremely large number of elements.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.
Vulnerability Details
6.5(medium)
EPSS: 0.2%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2025-33254: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A success
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23575
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 92%