CVE-2022-29208: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Summary
TensorFlow, an open source platform for machine learning, has a vulnerability in the `tf.raw_ops.EditDistance` function where incomplete validation allows users to pass negative values that cause a segmentation fault (a program crash from accessing invalid memory). An attacker could exploit this by crafting input that produces negative array indices, allowing writes before the intended array location and potentially crashing the system.
Solution / Mitigation
Update to TensorFlow versions 2.9.0, 2.8.1, 2.7.2, or 2.6.4, which contain a patch for this issue.
Vulnerability Details
7.1(high)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-29208
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 95%