CVE-2022-21730: Tensorflow is an Open Source Machine Learning Framework. The implementation of `FractionalAvgPoolGrad` does not consider
Summary
TensorFlow, an open-source machine learning framework, has a vulnerability in its `FractionalAvgPoolGrad` function that fails to validate input data properly, allowing an attacker to read memory from outside the intended bounds of the heap (out-of-bounds read, where a program accesses data it shouldn't). This is a memory safety issue that could let attackers access sensitive information.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. Security patches will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.
Vulnerability Details
8.1(high)
EPSS: 0.3%
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21730
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%