VYPR
High severity · NVD Advisory · Published Feb 3, 2022 · Updated May 5, 2025

Integer overflow leading to crash in Tensorflow

CVE-2022-21738

Description

TensorFlow's SparseCountSparseOutput contains an integer overflow leading to denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

TensorFlow's `SparseCountSparseOutput` contains an integer overflow leading to denial of service.

Vulnerability

The SparseCountSparseOutput op in TensorFlow is vulnerable to an integer overflow during memory allocation. Versions 2.5.0 through 2.5.2, 2.6.0 through 2.6.2, and 2.7.0 are affected [1]. The overflow occurs when large input shapes trigger a multiplication that exceeds the maximum integer value, resulting in an undersized buffer allocation.
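To make the mechanics concrete, here is an added illustration (not TensorFlow's code): the dense-shape dimension is narrowed to `int` the way `count_ops.cc` does it, the guard from the fix commit is applied to the result, and a 64-bit pre-narrowing check (an assumption of this example, not part of the patch) is shown beside it. The vector stands in for the `BatchedMap<T>` allocation.

```cpp
// Added illustration for CVE-2022-21738; not code from TensorFlow.
#include <cstdint>
#include <limits>
#include <new>
#include <stdexcept>
#include <vector>

// Same value as the constant introduced by the fix commit.
static constexpr int kMaxBatches = std::numeric_limits<int>::max();

// Pre-fix behaviour: the dimension read from the dense shape is narrowed
// to int with no check, as in `int num_batches = is_1d ? 1 : shape_vector(0);`.
// Values beyond INT_MAX wrap (modular on GCC/Clang), e.g. 2^31 -> INT_MIN.
int NarrowBatchCount(int64_t dense_dim0) {
  return static_cast<int>(dense_dim0);
}

// Post-fix guard: the same predicate as the OP_REQUIRES added by the patch.
bool PassesFixedGuard(int num_batches) {
  return 0 < num_batches && num_batches < kMaxBatches;
}

// Stricter variant (assumption, not in the patch): validate the 64-bit value
// before narrowing, so a wrapped value cannot land in the accepted range.
bool PassesWideGuard(int64_t dense_dim0) {
  return 0 < dense_dim0 && dense_dim0 < static_cast<int64_t>(kMaxBatches);
}

// Stand-in for allocating BatchedMap<T>(num_batches): a negative count
// converts to a huge size_t and the allocation fails instead of succeeding.
bool TryAllocateBatches(int num_batches) {
  try {
    std::vector<int> per_batch(static_cast<size_t>(num_batches));
    return true;
  } catch (const std::length_error&) {
    return false;
  } catch (const std::bad_alloc&) {
    return false;
  }
}
```

The second sample input, 2^32 + 5, shows why the order of narrowing and checking matters: it narrows to 5 and satisfies the post-narrowing guard, while the 64-bit check rejects it.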

Exploitation

An attacker can trigger this vulnerability by providing a crafted SparseCountSparseOutput operation with large dimensions that cause an integer overflow. No authentication is required if the attacker can control the input to a TensorFlow model or session [1].

Impact

A successful exploitation causes a heap buffer overflow, leading to a crash (denial of service) of the TensorFlow process. There is no indication of remote code execution or information disclosure from the available references [1].

Mitigation

The fix is included in TensorFlow 2.8.0, and has been cherry-picked to versions 2.7.1, 2.6.3, and 2.5.3 [1]. Users should upgrade to one of these patched releases. No workaround is available for unpatched versions.

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Ecosystem   Affected versions    Patched versions
tensorflow       PyPI        < 2.5.3              2.5.3
tensorflow       PyPI        >= 2.6.0, < 2.6.3    2.6.3
tensorflow       PyPI        >= 2.7.0, < 2.7.1    2.7.1
tensorflow-cpu   PyPI        < 2.5.3              2.5.3
tensorflow-cpu   PyPI        >= 2.6.0, < 2.6.3    2.6.3
tensorflow-cpu   PyPI        >= 2.7.0, < 2.7.1    2.7.1
tensorflow-gpu   PyPI        < 2.5.3              2.5.3
tensorflow-gpu   PyPI        >= 2.6.0, < 2.6.3    2.6.3
tensorflow-gpu   PyPI        >= 2.7.0, < 2.7.1    2.7.1

Affected products (5)

Patches (1)
6f4d3e8139ec

Prevent crash due to integer overflow followed by allocating negative sized array.

https://github.com/tensorflow/tensorflow · Mihai Maruseac · Dec 8, 2021 · via ghsa
1 file changed · +9 -0
  • tensorflow/core/kernels/count_ops.cc (modified, +9 -0)
    @@ -13,6 +13,8 @@ See the License for the specific language governing permissions and
     limitations under the License.
     ==============================================================================*/
     
    +#include <limits>
    +
     #include "absl/container/flat_hash_map.h"
     #include "tensorflow/core/framework/op_kernel.h"
     #include "tensorflow/core/framework/op_requires.h"
    @@ -23,6 +25,9 @@ limitations under the License.
     
     namespace tensorflow {
     
    +// Don't allocate too large `BatchedMap<T>` objects
    +static int kMaxBatches = std::numeric_limits<int>::max();
    +
     template <class T>
     using BatchedMap = std::vector<absl::flat_hash_map<int64_t, T>>;
     
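Review bot: `kMaxBatches` in `+static int kMaxBatches = std::numeric_limits<int>::max();` is a mutable non-const static, although it is a compile-time constant with the `k` naming prefix; declare it `static constexpr int kMaxBatches = std::numeric_limits<int>::max();` so it cannot be modified and the compiler can fold it. Note also that it equals the maximum of `int`, so a `< kMaxBatches` comparison on an `int` value excludes only INT_MAX itself; if the comment "Don't allocate too large `BatchedMap<T>` objects" is meant literally, a smaller explicit bound would express that intent.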
    @@ -235,6 +240,10 @@ class SparseCount : public OpKernel {
     
         bool is_1d = shape.NumElements() == 1;
         int num_batches = is_1d ? 1 : shape_vector(0);
    +    OP_REQUIRES(
    +        context, 0 < num_batches && num_batches < kMaxBatches,
    +        errors::InvalidArgument("Cannot allocate ", num_batches,
    +                                " batches, is the dense shape too wide?"));
     
         const auto values_values = values.flat<T>();
         const auto weight_values = weights.flat<W>();
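Review bot: the new `OP_REQUIRES` runs after `int num_batches = is_1d ? 1 : shape_vector(0);`, so if `shape_vector(0)` is wider than `int` the narrowing has already happened by the time the check sees the value; a result that wrapped to a negative number is caught by `0 < num_batches`, but a result that wrapped into the positive range passes. Consider validating `shape_vector(0)` at its original width (for example into an `int64_t` compared against `kMaxBatches`) before the conversion to `int`. As written, the upper bound `num_batches < kMaxBatches` rejects only the single value INT_MAX, so the effective guard is the positivity check.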
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (7)

News mentions (0)

No linked articles in our index yet.