Out of bounds read and write in Tensorflow
Description
Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow's SpecializeType which results in heap OOB read/write. Due to a typo, arg is initialized to the ith mutable argument in a loop where the loop index is j. Hence it is possible to assign to arg from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.5.3 | 2.5.3 |
tensorflowPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflowPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-cpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-cpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
tensorflow-gpuPyPI | < 2.5.3 | 2.5.3 |
tensorflow-gpuPyPI | >= 2.6.0, < 2.6.3 | 2.6.3 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
1- Range: >= 2.7.0, < 2.7.1
Patches
10657c83d0884Fix heap OOB read/write due to incorrect indexing.
1 file changed · +1 −1
tensorflow/core/framework/full_type_util.cc+1 −1 modified@@ -100,7 +100,7 @@ StatusOr<FullTypeDef> SpecializeType(const AttrSlice& attrs, // verifications are needed, they should be done by separately, and in a // way that can be reused for type inference. for (int j = 0; j < t->args_size(); j++) { - auto* arg = t->mutable_args(i); + auto* arg = t->mutable_args(j); if (arg->type_id() == TFT_VAR) { const auto* attr = attrs.Find(arg->s()); if (attr == nullptr) {
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-77gp-3h4r-6428ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23574ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-83.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-138.yamlghsaWEB
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/full_type_util.ccghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/0657c83d08845cc434175934c642299de2c0f042ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-77gp-3h4r-6428ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.