CVE-2022-35938: TensorFlow is an open source platform for machine learning. The `GatherNd` function takes arguments that determine the s
Summary
A bug in TensorFlow (an open source platform for machine learning) exists in the `GatherNd` function, which retrieves values from arrays using index arrays. When input sizes are greater than or equal to output sizes, the function tries to read memory outside its allowed bounds (out-of-bounds memory read), causing errors or system crashes. The vulnerability affects multiple recent versions of TensorFlow.
Solution / Mitigation
The fix has been patched in GitHub commit 4142e47e9e31db481781b955ed3ff807a781b494 and will be included in TensorFlow 2.10.0. The fix will also be backported (applied to older versions still being supported) to TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2. Users should update to these patched versions.
Vulnerability Details
7(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-35938
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%