AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-36013: TensorFlow is an open source platform for machine learning. When `mlir::tfg::GraphDefImporter::ConvertNodeDef` tries to

mediumvulnerability

security

Source: NVD/CVE DatabaseSeptember 16, 2022CVE-2022-36013

Summary

TensorFlow (an open source platform for machine learning) crashes when a component called mlir::tfg::GraphDefImporter::ConvertNodeDef tries to convert NodeDefs (data structures that define operations) without an operation name. This is a crash vulnerability that could cause the software to stop working unexpectedly.

Solution / Mitigation

The fix is included in TensorFlow 2.10.0 and will be cherrypicked (a process of applying specific fixes to older versions) into TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to one of these patched versions. The source notes there are no known workarounds for this issue.

Vulnerability Details

CVSS Score

5.9(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:41 PM

Classified by LLM (prompt v3) · confidence: 95%