CVE-2022-36018: TensorFlow is an open source platform for machine learning. If `RaggedTensorToVariant` is given a `rt_nested_splits` lis
Summary
TensorFlow, an open source platform for machine learning, has a vulnerability where a function called `RaggedTensorToVariant` can crash if it receives incorrectly formatted input (tensors with ranks other than one). An attacker could use this crash to launch a denial of service attack (making the system unavailable).
Solution / Mitigation
The issue has been patched in GitHub commit 88f93dfe691563baa4ae1e80ccde2d5c7a143821. The fix is included in TensorFlow 2.10.0 and will also be backported to (applied to earlier versions of) TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2.
Vulnerability Details
5.9(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-36018
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%