CVE-2022-41911: TensorFlow is an open source platform for machine learning. When printing a tensor, we get it's data as a `const char*`
mediumvulnerability
security
Summary
TensorFlow, an open source platform for machine learning, has a bug where converting character data to boolean values can cause crashes because the conversion is undefined unless the character is exactly 0 or 1. This issue affects the process of printing tensors (multi-dimensional arrays of data used in machine learning).
Solution / Mitigation
The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0, and will also be applied to TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4.
Vulnerability Details
CVSS Score
4.8(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack SophisticationModerate
Impact (CIA+S)
integrity
AI Component TargetedFramework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-41911
First tracked: February 15, 2026 at 08:41 PM
Classified by LLM (prompt v3) · confidence: 92%