AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2022-21736: Tensorflow is an Open Source Machine Learning Framework. The implementation of `SparseTensorSliceDataset` has an undefin

highvulnerability

security

Source: NVD/CVE DatabaseFebruary 3, 2022CVE-2022-21736

Summary

TensorFlow, an open-source machine learning framework, has a bug in the `SparseTensorSliceDataset` component where it can crash by dereferencing a null pointer (accessing memory that doesn't exist) when given certain inputs. The code doesn't properly check that its three input arguments meet required conditions before using them.

Solution / Mitigation

The fix will be included in TensorFlow 2.8.0. The fix will also be applied to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still in the supported range.

Vulnerability Details

CVSS Score

7.6(high)

EPSS (30-day exploit probability)

EPSS: 0.3%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-476 CWE-476

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21736

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%