CVE-2022-23562: Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. T
high
vulnerability
security
Summary
TensorFlow (an open-source framework for building machine learning models) has a vulnerability in its `Range` implementation: integer overflows (numbers that grow too large and wrap around to incorrect values) can cause undefined behavior or extremely large memory allocations. This bug affects multiple versions of the software.
Solution / Mitigation
The fix will be included in TensorFlow 2.8.0. The vulnerability will also be patched in TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, which are still supported versions.
Vulnerability Details
CVSS Score
7.6 (high)
EPSS (30-day exploit probability)
EPSS: 0.4%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2022-23562
First tracked: February 15, 2026 at 08:40 PM
Classified by LLM (prompt v3) · confidence: 95%