VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-34je-dsqs-2qeh

Vulnerability ID	VCID-34je-dsqs-2qeh
Aliases	CVE-2022-23594 GHSA-9x52-887g-fhc2
Summary	Out-of-bounds Read Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-125	Out-of-bounds Read
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-787	Out-of-bounds Write

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
CVE-2022-23594		https://nvd.nist.gov/vuln/detail/CVE-2022-23594
GHSA-9x52-887g-fhc2		https://github.com/advisories/GHSA-9x52-887g-fhc2
GHSA-9x52-887g-fhc2		https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:41:10.768091+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/tensorflow/CVE-2022-23594.yml	38.6.0