Integer overflows in Tensorflow
Description
An integer overflow in TensorFlow's AddManySparseToTensorsMap op leads to a CHECK-fail denial of service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An integer overflow in TensorFlow's `AddManySparseToTensorsMap` op leads to a CHECK-fail denial of service.
Vulnerability
The AddManySparseToTensorsMap operation in TensorFlow is susceptible to an integer overflow vulnerability. The implementation in tensorflow/core/kernels/sparse_tensors_map_ops.cc fails to validate the shapes of input tensors, allowing an attacker to provide dimensions that, when used to construct a new TensorShape object, trigger an integer overflow [1]. This results in a CHECK-fail (assertion failure) which crashes the process. Affected versions include TensorFlow 2.5.3 and earlier, 2.6.3 and earlier, 2.7.1 and earlier, and 2.8.0-rc0 (the fix was included in the 2.8.0 release) [1].
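To make the defect concrete, the following is an added example (not TensorFlow's own code) that mirrors the removed overflow check, which accumulated the element count in a 32-bit `int`, beside a Status-style builder in the spirit of `TensorShape::BuildTensorShape`; `MultiplyWithoutOverflow` is a stand-in written for this example and the shape values are constructed.

```cpp
#include <cstdint>
#include <vector>

// Stand-in for TensorFlow's overflow-aware multiply (written for this example,
// not copied from the project): returns -1 when x*y does not fit in int64_t
// or when either factor is negative.
static int64_t MultiplyWithoutOverflow(int64_t x, int64_t y) {
  if (x < 0 || y < 0) return -1;
  if (x == 0 || y == 0) return 0;
  if (x > INT64_MAX / y) return -1;
  return x * y;
}

// "Before": the check the fix removed, mirrored here. The accumulator is a
// 32-bit int, so a partial product that fits int64_t but not int (2^60 below)
// is truncated to a small non-negative value before the `< 0` test and the
// overflow is never reported; the TensorShape constructor then CHECK-fails.
bool OldCheckFlagsOverflow(const std::vector<int64_t>& dims) {
  int new_num_elements = 1;  // 32-bit, as in the vulnerable code
  for (int64_t d : dims) {
    new_num_elements = MultiplyWithoutOverflow(new_num_elements, d);  // narrowed
    if (new_num_elements < 0) return true;
  }
  return false;
}

// "After": a Status-style builder in the spirit of TensorShape::BuildTensorShape.
// It keeps the count in int64_t, rejects negative dims, and returns false
// instead of aborting; the caller surfaces that as an InvalidArgument error.
bool BuildShape(const std::vector<int64_t>& dims, int64_t* num_elements) {
  int64_t n = 1;
  for (int64_t d : dims) {
    if (d < 0) return false;
    n = MultiplyWithoutOverflow(n, d);
    if (n < 0) return false;
  }
  *num_elements = n;
  return true;
}

// Constructed shape: three dims of 2^30, true element count 2^90 (> INT64_MAX).
const std::vector<int64_t> kOverflowingShape = {int64_t{1} << 30, int64_t{1} << 30,
                                                int64_t{1} << 30};
```

The old check reports no overflow for `kOverflowingShape` because the second partial product (2^60) truncates to 0 in `int`, while the builder rejects it.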
Exploitation
An attacker can exploit this vulnerability by providing crafted input tensors with overly large dimension values to the AddManySparseToTensorsMap operation. No specific authentication or special network position is required beyond the ability to pass data to a TensorFlow model or session that invokes this operation [1]. The conditions required are that the attacker can control the shape parameters of sparse tensors passed to this op.
Impact
Successful exploitation causes a denial of service (DoS) due to the CHECK-fail, leading to termination of the TensorFlow process. The impact is limited to availability; there is no evidence of code execution or information disclosure [1].
Mitigation
The vulnerability is fixed in TensorFlow 2.8.0. Additionally, the fix has been cherry-picked for supported release branches: TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3 [1]. Users should upgrade to one of these patched versions. No workaround is provided; users are advised to apply the patch or update immediately [1].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| tensorflow | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow-cpu | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu | PyPI | < 2.5.3 | 2.5.3 |
| tensorflow-gpu | PyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu | PyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
Patches
a68f68061e26: Replace faulty overflow check with a builder for `TensorShape`.
1 file changed · +3 −15
tensorflow/core/kernels/sparse_tensors_map_ops.cc+3 −15 modified@@ -263,22 +263,10 @@ class AddManySparseToTensorsMapOp : public SparseTensorAccessingOp { "Rank of input SparseTensor should be > 1, but saw rank: ", rank)); auto input_shape_vec = input_shape->vec<int64_t>(); - int new_num_elements = 1; - bool overflow_ocurred = false; - for (int i = 0; i < input_shape_vec.size(); i++) { - new_num_elements = - MultiplyWithoutOverflow(new_num_elements, input_shape_vec(i)); - if (new_num_elements < 0) { - overflow_ocurred = true; - break; - } - } - - OP_REQUIRES( - context, !overflow_ocurred, - errors::Internal("Encountered overflow from large input shape.")); - TensorShape tensor_input_shape(input_shape_vec); + TensorShape tensor_input_shape; + OP_REQUIRES_OK(context, TensorShape::BuildTensorShape(input_shape_vec, + &tensor_input_shape)); gtl::InlinedVector<int64_t, 8> std_order(rank); std::iota(std_order.begin(), std_order.end(), 0); SparseTensor input_st;
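Review bot: the removed check accumulated the running product in a 32-bit `int new_num_elements` while `input_shape_vec` holds `int64_t`, so each result of `MultiplyWithoutOverflow` was narrowed before the `< 0` test; a partial product that fits `int64_t` but not `int` truncates to a small non-negative value, the loop reports no overflow, and `TensorShape tensor_input_shape(input_shape_vec)` then computes the true product and CHECK-fails. Replacing it with `TensorShape::BuildTensorShape` under `OP_REQUIRES_OK` is the right shape for the fix, since the builder returns a Status the op can propagate as a graph error instead of aborting the process. Two points worth confirming before merge: that the builder also rejects negative entries in `input_shape_vec` (the old loop relied on `MultiplyWithoutOverflow` returning a negative sentinel for those), and that the status it returns is `InvalidArgument` rather than the removed `errors::Internal`, because the shape is caller-supplied input, not an internal invariant.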
b51b82fe65eb: Add missing validation to `AddManySparseToTensorsMap`.
1 file changed · +15 −2
tensorflow/core/kernels/sparse_tensors_map_ops.cc+15 −2 modified@@ -231,16 +231,29 @@ class AddManySparseToTensorsMapOp : public SparseTensorAccessingOp { errors::InvalidArgument( "Input indices should be a matrix but received shape ", input_indices->shape().DebugString())); - OP_REQUIRES(context, TensorShapeUtils::IsVector(input_values->shape()), errors::InvalidArgument( "Input values should be a vector but received shape ", input_values->shape().DebugString())); - OP_REQUIRES(context, TensorShapeUtils::IsVector(input_shape->shape()), errors::InvalidArgument( "Input shape should be a vector but received shape ", input_shape->shape().DebugString())); + OP_REQUIRES( + context, + input_values->shape().dim_size(0) == input_indices->shape().dim_size(0), + errors::InvalidArgument( + "Number of values must match first dimension of indices. ", "Got ", + input_values->shape().dim_size(0), + " values, indices shape: ", input_indices->shape().DebugString())); + OP_REQUIRES( + context, + input_shape->shape().dim_size(0) == input_indices->shape().dim_size(1), + errors::InvalidArgument( + "Number of dimensions must match second dimension of indices. ", + "Got ", input_shape->shape().dim_size(0), + " dimensions, indices shape: ", + input_indices->shape().DebugString())); int rank = input_shape->NumElements();
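Review bot: the two new `OP_REQUIRES` blocks close a gap the existing type checks left open, since `input_values` and `input_shape` could previously disagree with `input_indices` in length and rank; they are correctly placed after the `IsMatrix`/`IsVector` checks, because `input_indices->shape().dim_size(1)` is only meaningful once the indices are known to be a matrix, and before `rank` is derived from `input_shape`. One remaining point in the trailing context: `int rank = input_shape->NumElements();` narrows the `int64_t` element count to `int`, so declaring `rank` as `int64_t` would keep the rank validation consistent with the new checks. Minor style point: the hunk drops the blank lines that separated the three original `OP_REQUIRES` blocks, which makes the validation preamble harder to scan; restoring them would help.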
References
- github.com/advisories/GHSA-6445-fm66-fvq2 (GHSA advisory)
- nvd.nist.gov/vuln/detail/CVE-2022-23568 (advisory)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-77.yaml (web)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-132.yaml (web)
- github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/sparse_tensors_map_ops.cc (web)
- github.com/tensorflow/tensorflow/commit/a68f68061e263a88321c104a6c911fe5598050a8 (web)
- github.com/tensorflow/tensorflow/commit/b51b82fe65ebace4475e3c54eb089c18a4403f1c (web)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-6445-fm66-fvq2 (vendor advisory, confirmed)