Stack overflow in TensorFlow
Description
TensorFlow is an Open Source Machine Learning Framework. The GraphDef format in TensorFlow does not allow self-recursive functions. The runtime assumes that this invariant is satisfied. However, a GraphDef containing a fragment such as the following can be consumed when loading a SavedModel. This would result in a stack overflow during execution, as resolving each NodeDef means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.
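The invariant described above, checked over a whole function library, as an added example that is not TensorFlow's code and not the advisory's GraphDef fragment. It assumes the library is modelled as a plain dict from function name to the op names of that function's nodes (a stand-in for the function library in a GraphDef), uses constructed sample libraries, and goes beyond self-recursion to report any call cycle.

```python
# Added example: reject a function library that contains a call cycle.
# Assumed layout: {function name: [op name of each node in that function]}.

def callees(library, name):
    """Ops in `name` that refer to another function in the same library."""
    return [op for op in library[name] if op in library]


def find_call_cycle(library):
    """Return one call cycle as a list of function names, or None.

    Iterative depth-first search with an explicit stack, so a very deep
    library cannot exhaust the checker's own call stack.
    """
    UNSEEN, ACTIVE, DONE = 0, 1, 2
    state = {name: UNSEEN for name in library}
    for root in library:
        if state[root] != UNSEEN:
            continue
        state[root] = ACTIVE
        path = [root]                      # functions on the current call chain
        stack = [iter(callees(library, root))]
        while stack:
            callee = next(stack[-1], None)
            if callee is None:             # all calls of path[-1] explored
                state[path.pop()] = DONE
                stack.pop()
            elif state[callee] == ACTIVE:  # call back into the current chain
                return path[path.index(callee):] + [callee]
            elif state[callee] == UNSEEN:
                state[callee] = ACTIVE
                path.append(callee)
                stack.append(iter(callees(library, callee)))
    return None


# Constructed sample libraries (function and op names are illustrative).
SELF_RECURSIVE = {"SomeFunc": ["Identity", "SomeFunc"]}
MUTUALLY_RECURSIVE = {"A": ["Add", "B"], "B": ["Mul", "A"], "C": ["A"]}
ACYCLIC = {"Outer": ["Inner", "Inner"], "Inner": ["Relu"]}

if __name__ == "__main__":
    for lib in (SELF_RECURSIVE, MUTUALLY_RECURSIVE, ACYCLIC):
        print(find_call_cycle(lib))
```
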
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tensorflow (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-cpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-cpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-cpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
| tensorflow-gpu (PyPI) | < 2.5.3 | 2.5.3 |
| tensorflow-gpu (PyPI) | >= 2.6.0, < 2.6.3 | 2.6.3 |
| tensorflow-gpu (PyPI) | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
- Range: >= 2.7.0, < 2.7.1
Patches
448a16182065: Prevent stack overflow when FunctionLib in GraphDef has a self-recursive function.
1 file changed · +18 −0
tensorflow/cc/saved_model/loader.cc+18 −0 modified@@ -25,6 +25,7 @@ limitations under the License. #include "tensorflow/core/framework/attr_value.pb.h" #include "tensorflow/core/framework/function.pb.h" #include "tensorflow/core/framework/node_def.pb.h" +#include "tensorflow/core/framework/op_def.pb.h" #include "tensorflow/core/framework/tensor.pb.h" #include "tensorflow/core/lib/io/path.h" #include "tensorflow/core/lib/monitoring/counter.h" @@ -99,6 +100,19 @@ static Status ValidateNode(const NodeDef& node) { return Status::OK(); } +static Status ValidateFunctionNotRecursive(const FunctionDef& function) { + const auto& function_name = function.signature().name(); + for (const auto& node : function.node_def()) { + if (node.op() == function_name) { + return errors::FailedPrecondition( + "Function ", function_name, + " is self recursive and TensorFlow does not support this scenario."); + } + } + + return Status::OK(); +} + static Status ValidateSavedTensors(const GraphDef& graph_def) { for (const auto& node : graph_def.node()) { TF_RETURN_IF_ERROR(ValidateNode(node)); @@ -110,6 +124,10 @@ static Status ValidateSavedTensors(const GraphDef& graph_def) { for (const auto& node : function.node_def()) { TF_RETURN_IF_ERROR(ValidateNode(node)); } + + // Also check that there is no recursivity in the library + // TODO(mihaimaruseac): Do more than self-recursivity + TF_RETURN_IF_ERROR(ValidateFunctionNotRecursive(function)); } }
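Review bot: In ValidateFunctionNotRecursive the test `node.op() == function_name` only rejects a function whose own node list names itself, so two library functions that name each other as ops (A has a node with op B, B has a node with op A) pass validation and leave the no-recursion invariant unenforced. The loop also reads only node.op() and never the node's attributes, so a function referenced by name from an attribute value is not considered. Suggest collecting, for every function in the library, the set of library function names its nodes refer to, and returning FailedPrecondition on any cycle in that graph rather than on the length-one cycle alone; the traversal should use an explicit stack so the validator cannot itself overflow on a deep library.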
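Review bot: The new call in ValidateSavedTensors, `TF_RETURN_IF_ERROR(ValidateFunctionNotRecursive(function));`, ships without a test: the change is one file, +18 −0, all in loader.cc. Please add a loader test that loads a SavedModel whose function library contains a function with a node whose op equals the function's own name and asserts the FailedPrecondition status, so the check cannot regress silently. The `TODO(mihaimaruseac): Do more than self-recursivity` comment should point at a tracking issue, since it records a known gap in a security check, and "recursivity" reads better as "recursion".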
References
- github.com/advisories/GHSA-247x-2f9f-5wp7 (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-23591 (ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2022-100.yaml (WEB)
- github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2022-155.yaml (WEB)
- github.com/tensorflow/tensorflow/commit/448a16182065bd08a202d9057dd8ca541e67996c (WEB)
- github.com/tensorflow/tensorflow/security/advisories/GHSA-247x-2f9f-5wp7 (WEB)