CVE-2022-21729: Tensorflow is an Open Source Machine Learning Framework. The implementation of `UnravelIndex` is vulnerable to a divisio
medium vulnerability
security
Summary
TensorFlow, an open-source machine learning framework, has a vulnerability in its `UnravelIndex` function caused by an integer overflow bug (a situation where a number becomes too large for the system to handle correctly) that leads to division by zero. This flaw affects multiple versions of TensorFlow and could allow attackers to crash or disrupt the software.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 will also receive this fix through a cherrypick (applying a specific code change to older versions).
Vulnerability Details
CVSS Score
6.5 (medium)
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
availability, integrity
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21729
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%