CVE-2022-21732: Tensorflow is an Open Source Machine Learning Framework. The implementation of `ThreadPoolHandle` can be used to trigger
Summary
TensorFlow (an open source machine learning framework) has a vulnerability in its `ThreadPoolHandle` component that allows attackers to cause a denial of service attack (making a service unavailable by overwhelming it) by allocating excessive memory. The problem exists because the code only checks that the `num_threads` argument is not negative, but does not limit how large the value can be.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0 and will also be backported to TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 (which are still supported versions).
Vulnerability Details
4.3(medium)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-21732
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%