VYPR
High severity · NVD Advisory · Published Feb 3, 2022 · Updated May 5, 2025

Overflow and uncaught divide by zero in Tensorflow

CVE-2022-21729

Description

Integer overflow in TensorFlow's UnravelIndex operation leads to division by zero, causing denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

The UnravelIndex op in TensorFlow (versions 2.5.3, 2.6.3, 2.7.1, and earlier) contains an integer overflow bug that can lead to a division by zero. The code computes a product of dimensions without overflow checks, and if the product overflows, it can become zero, triggering a division by zero in subsequent operations. The affected source is in tensorflow/core/kernels/unravel_index_op.cc [4]. The fix adds overflow checks and validates that dimensions are positive [3].
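The failure mode described above, as an added example (not TensorFlow's code and not part of the advisory): `WrappedProduct` is a hypothetical stand-in for an unchecked dims product, and `CheckedProduct` is one integer-only way to reject non-positive dims and overflowing products. The int32 and int64 dims values are the ones used in the fix commit's regression test; the `{3, 4, 5}` shape is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <type_traits>
#include <vector>

// Product as an unchecked kernel would compute it. Unsigned arithmetic is used
// so the wrap-around is well defined in this demo.
template <typename T>
T WrappedProduct(const std::vector<T>& dims) {
  typedef typename std::make_unsigned<T>::type U;
  U p = 1;
  for (T d : dims) p = static_cast<U>(p * static_cast<U>(d));
  return static_cast<T>(p);
}

// Integer-only validation: rejects non-positive dims and any running product
// that would exceed the maximum of T. On success stores the product in *out.
template <typename T>
bool CheckedProduct(const std::vector<T>& dims, T* out) {
  const T kMax = std::numeric_limits<T>::max();
  T prod = 1;
  for (T d : dims) {
    if (d <= 0) return false;
    if (prod > kMax / d) return false;  // prod * d would overflow T
    prod *= d;
  }
  *out = prod;
  return true;
}

// dims values taken from the regression test in the fix commit.
const std::vector<int32_t> kDims32 = {0x10000000, 0x10000000};
const std::vector<int64_t> kDims64 = {INT64_MAX, INT64_MAX};
// Constructed benign shape.
const std::vector<int32_t> kOk = {3, 4, 5};

int main() {
  int32_t p32 = 0;
  // 2^28 * 2^28 = 2^56, whose low 32 bits are all zero.
  std::printf("wrapped int32 product: %d\n", WrappedProduct(kDims32));
  bool bad = CheckedProduct(kDims32, &p32);
  std::printf("checked int32 test dims accepted: %d\n", bad ? 1 : 0);
  bool ok = CheckedProduct(kOk, &p32);
  std::printf("checked {3,4,5} accepted: %d, product %d\n", ok ? 1 : 0, p32);
  return 0;
}
```

The int64 test values wrap to 1 rather than 0, so a check on the wrapped result being zero would miss them; the divide-before-multiply test rejects both cases.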

Exploitation

An attacker can trigger this vulnerability by providing crafted input tensors to the UnravelIndex operation. No special privileges are required; the attacker only needs to be able to call the operation with malicious dims values that cause integer overflow. The operation is typically used in TensorFlow graph execution, so any user or process that can supply input to a TensorFlow model can exploit this.

Impact

Successful exploitation results in a division by zero, causing a crash (denial of service). The vulnerability does not lead to arbitrary code execution or information disclosure; it is a denial-of-service vulnerability.

Mitigation

The fix is included in TensorFlow 2.8.0, and cherry-picked to versions 2.7.1, 2.6.3, and 2.5.3 [1][3]. Users should upgrade to these patched versions. No workaround is available; the only mitigation is to update TensorFlow.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package         Ecosystem  Affected versions   Patched versions
tensorflow      PyPI       < 2.5.3             2.5.3
tensorflow      PyPI       >= 2.6.0, < 2.6.3   2.6.3
tensorflow      PyPI       >= 2.7.0, < 2.7.1   2.7.1
tensorflow-cpu  PyPI       < 2.5.3             2.5.3
tensorflow-cpu  PyPI       >= 2.6.0, < 2.6.3   2.6.3
tensorflow-cpu  PyPI       >= 2.7.0, < 2.7.1   2.7.1
tensorflow-gpu  PyPI       < 2.5.3             2.5.3
tensorflow-gpu  PyPI       >= 2.6.0, < 2.6.3   2.6.3
tensorflow-gpu  PyPI       >= 2.7.0, < 2.7.1   2.7.1

Affected products

5

Patches

1
58b34c6c8250

Fix integer overflow leading to divide by zero error in Unravel index kernel when dimensions product exceeds max int value.

https://github.com/tensorflow/tensorflow · Isha Arkatkar · Nov 30, 2021 · via ghsa
2 files changed · +40 -1
  • tensorflow/core/kernels/unravel_index_op.cc +26 -1 modified
    @@ -13,6 +13,10 @@ See the License for the specific language governing permissions and
     limitations under the License.
     ==============================================================================*/
     
    +#include <cstdint>
    +
    +#include "tensorflow/core/framework/types.pb.h"
    +#include "tensorflow/core/platform/types.h"
     #define EIGEN_USE_THREADS
     
     #include "tensorflow/core/framework/op_kernel.h"
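    Review bot: The three new includes land above `#define EIGEN_USE_THREADS`, and that macro only affects headers included after it. Moving them below the define, next to the op_kernel.h include, keeps the define first and avoids depending on whether types.pb.h or platform/types.h pull in Eigen transitively.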
    @@ -35,7 +39,8 @@ typedef Eigen::ThreadPoolDevice CPUDevice;
     template <typename Tidx>
     class UnravelIndexOp : public OpKernel {
      public:
    -  explicit UnravelIndexOp(OpKernelConstruction* ctx) : OpKernel(ctx) {}
    +  explicit UnravelIndexOp(OpKernelConstruction* ctx)
    +      : OpKernel(ctx), dtidx_(DataTypeToEnum<Tidx>::v()) {}
     
       void Compute(OpKernelContext* ctx) override {
         const Tensor& indices_tensor = ctx->input(0);
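    Review bot: In the constructor, dtidx_ stores at run time something the Tidx template parameter already fixes at compile time. Using std::numeric_limits<Tidx>::max() directly in Compute would give the limit without the extra member or the DT_INT64 branch added in the next hunk.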
    @@ -54,12 +59,31 @@ class UnravelIndexOp : public OpKernel {
     
         auto dims = dims_tensor.vec<Tidx>();
         // Make sure dims does not contain a zero
    +    double prod = 1;
    +    uint64_t limit;
    +    if (dtidx_ == DataType::DT_INT64) {
    +      limit = kint64max;
    +    } else {
    +      limit = kint32max;
    +    }
    +
         for (int i = 0; i < dims.size(); i++) {
           OP_REQUIRES(
               ctx, dims(i) != 0,
               errors::InvalidArgument("Input dims cannot contain a dim of zero, "
                                       "but dims contains zero at index ",
                                       i));
    +      OP_REQUIRES(ctx, dims(i) > 0,
    +                  errors::InvalidArgument(
    +                      "Input dims cannot be negative. Got dim = ", dims(i),
    +                      " at index ", i));
    +      // Check interger overflow
    +      OP_REQUIRES(
    +          ctx, prod <= limit / dims(i),
    +          errors::InvalidArgument("Input dims product is causing integer "
    +                                  "overflow: (",
    +                                  dims, ")"));
    +      prod = (prod * dims(i));
         }
     
         // Check to make sure indices is not out of boundary
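    Review bot: `double prod` accumulates the dims product in floating point, which is exact only up to 2^53, so for int64 dims the comparison `prod <= limit / dims(i)` can be decided on a rounded value near the limit. Because the check divides before multiplying, an integer accumulator (Tidx or uint64_t) cannot overflow here and keeps the test exact. Two smaller points in the loop: the existing `dims(i) != 0` check is now subsumed by `dims(i) > 0`, so the two could be merged, and the comment reads "interger".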
    @@ -132,6 +156,7 @@ class UnravelIndexOp : public OpKernel {
                    strides_shifted.reshape(reshape).broadcast(bcast);
         }
       }
    +  const DataType dtidx_;
     };
     
     #define REGISTER_KERNEL(type)                                               \
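    Review bot: `const DataType dtidx_;` is declared right after Compute's closing brace with no access specifier in view, so it sits in the `public:` section opened at the top of the class. Add `private:` before it so the kernel's internal state is not part of its public interface.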
    
  • tensorflow/python/kernel_tests/array_ops/array_ops_test.py +14 -0 modified
    @@ -1580,6 +1580,20 @@ def testUnravelIndexZeroDim(self):
               dims = constant_op.constant([3, 0], dtype=dtype)
               self.evaluate(array_ops.unravel_index(indices=indices, dims=dims))
     
    +  def testUnravelIndexIntegerOverflow(self):
    +    with self.cached_session():
    +      for dtype in [dtypes.int32, dtypes.int64]:
    +        with self.assertRaisesRegex(
    +            errors.InvalidArgumentError,
    +            r"Input dims product is causing integer overflow"):
    +          indices = constant_op.constant(-0x100000, dtype=dtype)
    +          if dtype == dtypes.int32:
    +            value = 0x10000000
    +          else:
    +            value = 0x7FFFFFFFFFFFFFFF
    +          dims = constant_op.constant([value, value], dtype=dtype)
    +          self.evaluate(array_ops.unravel_index(indices=indices, dims=dims))
    +
     
     class GuaranteeConstOpTest(test_util.TensorFlowTestCase):
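    Review bot: testUnravelIndexIntegerOverflow covers only the overflow message; the new "Input dims cannot be negative" check added to the kernel has no test. A case with a negative entry in dims for both dtypes would cover it. The negative `indices` value (-0x100000) is also unrelated to what is being asserted, and a plain non-negative index would make the intent of the test clearer.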
     
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
