Moderate severity · NVD Advisory · Published Feb 4, 2022 · Updated Apr 22, 2025
Abort caused by allocating a vector that is too large in TensorFlow
CVE-2022-23580
Description
TensorFlow is an open source machine learning framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
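
To check an environment against the ranges in the table above, the following added example (not part of the advisory or of the TensorFlow project) scans `pip freeze`-style lines. The function names and sample lines are constructed, and treating pre-release builds as affected is a conservative assumption of this example.

```python
import re

# Affected ranges from the advisory table: (inclusive lower bound or None, first patched release).
AFFECTED_RANGES = [(None, (2, 5, 3)), ((2, 6, 0), (2, 6, 3)), ((2, 7, 0), (2, 7, 1))]
PACKAGES = {"tensorflow", "tensorflow-cpu", "tensorflow-gpu"}

# Constructed sample input in `pip freeze` format (not taken from the advisory).
SAMPLE_FREEZE = ["numpy==1.21.5", "tensorflow==2.7.0", "tensorflow_gpu==2.6.3",
                 "tensorflow-cpu==2.5.3rc0", "tensorflow==2.8.0"]


def parse_version(version):
    """Split '2.7.0rc1' into ((2, 7, 0), True); the flag marks a pre-release."""
    m = re.match(r"v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(g or 0) for g in m.groups()[:3])
    pre = bool(re.match(r"[-._]?(a|b|rc|dev|pre)", m.group(4), re.I))
    return release, pre


def is_affected(version):
    """Return (affected, first patched version for that range or None)."""
    release, pre = parse_version(version)
    for lower, patched in AFFECTED_RANGES:
        above_lower = lower is None or release >= lower
        # Assumption: a pre-release of the patched version may predate the fix.
        below_patched = release < patched or (release == patched and pre)
        if above_lower and below_patched:
            return True, ".".join(map(str, patched))
    return False, None


def scan_requirements(lines):
    """Return (package, version, patched) for each pinned affected TensorFlow package."""
    findings = []
    for line in lines:
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)", line)
        if not m:
            continue  # unpinned or unrelated line
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # normalise the package name
        if name in PACKAGES:
            affected, patched = is_affected(m.group(2))
            if affected:
                findings.append((name, m.group(2), patched))
    return findings


if __name__ == "__main__":
    for name, version, patched in scan_requirements(SAMPLE_FREEZE):
        print(f"{name} {version}: affected by CVE-2022-23580, upgrade to >= {patched}")
```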
Affected products
- Range: >= 2.7.0, < 2.7.1
Patches
1361fb7e2944 · Fix abort caused by allocating a too large vector.
1 file changed · +15 −0
tensorflow/core/framework/shape_inference.cc+15 −0 modified@@ -14,6 +14,8 @@ limitations under the License. ==============================================================================*/ #include "tensorflow/core/framework/shape_inference.h" +#include <cstdint> + #include "tensorflow/core/framework/bounds_check.h" #include "tensorflow/core/framework/full_type_util.h" #include "tensorflow/core/framework/node_def.pb.h" @@ -789,6 +791,19 @@ Status InferenceContext::InternalMakeShapeFromTensor( return ReturnUnknownShape(out); } const auto num_dims = Value(shape_dim); + // TODO(mihaimaruseac): Should be `TensorShape::MaxDimensions()` as we are + // not able to materialize shapes with more than this number of dimensions + // but then shape inference would fail for operations such as + // `tf.range`/`tf.ones`, etc. where the shape is not really materialized, + // only used during the inference. Hence, just prevent doing a `reserve` + // with a very large argument. + const int64_t max_dimensions = 1 << 20; + if (num_dims >= max_dimensions) { + return errors::Internal( + "Cannot create a tensor with ", num_dims, + " dimensions, as these would be more than maximum of ", + max_dimensions); + } std::vector<DimensionHandle> dims; dims.reserve(num_dims); for (int i = 0; i < num_dims; i++) dims.push_back(UnknownDim());
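Review bot: In the second hunk (`InternalMakeShapeFromTensor`), the new guard returns `errors::Internal` for a `num_dims` that is read from a tensor value; `errors::InvalidArgument` would classify this as bad input rather than an internal fault. The comparison is `num_dims >= max_dimensions` while the message says "more than maximum of", so a value equal to `1 << 20` is rejected with wording that does not match; use `>` or reword the message. The visible lines show no lower-bound check between `Value(shape_dim)` and `dims.reserve(num_dims)`; if a negative value is not excluded earlier in the function, that check belongs next to this guard. The commit changes one file (+15 −0), so no regression test accompanies the guard; a shape-inference test with an oversized dimension count would pin the behaviour.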
References
- github.com/advisories/GHSA-627q-g293-49q7 · ghsa · ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23580 · ghsa · ADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-89.yaml · ghsa · WEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-144.yaml · ghsa · WEB
- github.com/tensorflow/tensorflow/blob/a1320ec1eac186da1d03f033109191f715b2b130/tensorflow/core/framework/shape_inference.cc · ghsa · x_refsource_MISC · WEB
- github.com/tensorflow/tensorflow/commit/1361fb7e29449629e1df94d44e0427ebec8c83c7 · ghsa · x_refsource_MISC · WEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-627q-g293-49q7 · ghsa · x_refsource_CONFIRM · WEB