VYPR
← All advisories
Moderate severityNVD Advisory· Published Feb 4, 2022· Updated Apr 22, 2025

Crash due to erroneous `StatusOr` in Tensorflow

CVE-2022-23590

Description

Tensorflow is an Open Source Machine Learning Framework. A GraphDef from a TensorFlow SavedModel can be maliciously altered to cause a TensorFlow process to crash due to encountering a StatusOr value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
tensorflowPyPI
< 2.7.12.7.1
tensorflow-cpuPyPI
< 2.7.12.7.1
tensorflow-gpuPyPI
< 2.7.12.7.1

Affected products

1

Patches

1
955059813cc3

Check for type inference error on node construction.

https://github.com/tensorflow/tensorflowDan MoldovanNov 12, 2021via ghsa
commit
1 file changed · +5 0
  • tensorflow/core/graph/graph.cc+5 0 modified
    @@ -561,6 +561,11 @@ Node* Graph::AddNode(NodeDef node_def, Status* status) {
     VLOG(3) << "AddNode: found type constructor for " << node_def.name();
     const auto ctor_type =
         full_type::SpecializeType(AttrSlice(node_def), op_reg_data->op_def);
+    if (!ctor_type.ok()) {
+      *status = errors::InvalidArgument("type error: ",
+                                        ctor_type.status().ToString());
+      return nullptr;
+    }
     const FullTypeDef ctor_typedef = ctor_type.ValueOrDie();
     if (ctor_typedef.type_id() != TFT_UNSET) {
       *(node_def.mutable_experimental_type()) = ctor_typedef;

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7

News mentions

0

No linked articles in our index yet.