Moderate severityNVD Advisory· Published May 20, 2022· Updated Apr 22, 2025
Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant`
CVE-2022-29202
Description
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.ragged.constant does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
tensorflowPyPI | < 2.6.4 | 2.6.4 |
tensorflowPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflowPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-cpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-cpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-cpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
tensorflow-gpuPyPI | < 2.6.4 | 2.6.4 |
tensorflow-gpuPyPI | >= 2.7.0, < 2.7.2 | 2.7.2 |
tensorflow-gpuPyPI | >= 2.8.0, < 2.8.1 | 2.8.1 |
Affected products
1- Range: < 2.6.4
Patches
1bd4d5583ff9cPrevent denial of service in `tf.ragged.constant`
1 file changed · +3 −0
tensorflow/python/ops/ragged/ragged_factory_ops.py+3 −0 modified@@ -188,6 +188,9 @@ def _constant_value(ragged_factory, inner_factory, pylist, dtype, ragged_rank, if max_depth > scalar_depth: raise ValueError("Invalid pylist=%r: empty list nesting is greater " "than scalar value nesting" % pylist) + if ragged_rank is not None and max_depth < ragged_rank: + raise ValueError(f"Invalid pylist={pylist}, max depth smaller than " + f"ragged_rank={ragged_rank}") # If both inner_shape and ragged_rank were specified, then check that # they are compatible with pylist.
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
10- github.com/advisories/GHSA-cwpm-f78v-7m5cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-29202ghsaADVISORY
- github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/python/ops/ragged/ragged_factory_ops.pyghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/commit/bd4d5583ff9c8df26d47a23e508208844297310eghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/issues/55199ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.6.4ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.7.2ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.8.1ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/releases/tag/v2.9.0ghsax_refsource_MISCWEB
- github.com/tensorflow/tensorflow/security/advisories/GHSA-cwpm-f78v-7m5cghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.