AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-41883: TensorFlow is an open source platform for machine learning. When ops that have specified input sizes receive a differing

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 18, 2022CVE-2022-41883

Summary

TensorFlow (an open source platform for machine learning) has a bug where certain operations crash when they receive a different number of inputs than expected, which could cause the program to stop working. This vulnerability is classified as an out-of-bounds read (accessing memory outside the intended range).

Solution / Mitigation

The fix is included in TensorFlow 2.11. Users on earlier versions should update to TensorFlow 2.10.1, 2.9.3, or 2.8.4, which have the patch applied through GitHub commit f5381e0e10b5a61344109c1b7c174c68110f7629.

Vulnerability Details

CVSS Score

6.8(medium)

EPSS (30-day exploit probability)

EPSS: 0.2%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-125

CAPEC (Attack Pattern)

CAPEC-540

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41883

First tracked: February 15, 2026 at 08:41 PM

Classified by LLM (prompt v3) · confidence: 95%