Medium severity5.9NVD Advisory· Published Feb 4, 2022· Updated Jun 17, 2026
CVE-2022-23590
CVE-2022-23590
Description
Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.7.1 | 2.7.1 |
tensorflow-cpuPyPI | < 2.7.1 | 2.7.1 |
tensorflow-gpuPyPI | < 2.7.1 | 2.7.1 |
Affected products
5- osv-coords4 versions
< 2.7.1+ 3 more
- (no CPE)range: < 2.7.1
- (no CPE)range: < 2.7.1
- (no CPE)range: < 2.7.1
- (no CPE)range: < 2.7.1
- Range: >= 2.7.0, < 2.8.0
Patches
Vulnerability mechanics
References
7- github.com/tensorflow/tensorflow/commit/955059813cc325dc1db5e2daa6221271406d4439nvdPatchThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-pqrv-8r2f-7278nvdPatchThird Party AdvisoryWEB
- github.com/tensorflow/tensorflow/blob/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/graph/graph.ccnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-pqrv-8r2f-7278ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-23590ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-99.yamlghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-154.yamlghsaWEB
News mentions
0No linked articles in our index yet.