Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3x3f-d9r8-v3gb
Vulnerability ID VCID-3x3f-d9r8-v3gb
Aliases CVE-2022-23594
GHSA-9x52-887g-fhc2
Summary Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-125 Out-of-bounds Read
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
System Score Found at
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2022-23594
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2022-23594
epss 0.00018 https://api.first.org/data/v1/epss?cve=CVE-2022-23594
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-9x52-887g-fhc2
cvssv3.1 8.8 https://github.com/tensorflow/tensorflow
generic_textual HIGH https://github.com/tensorflow/tensorflow
cvssv3.1 8.8 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
cvssv3.1_qr HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
generic_textual HIGH https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
ssvc Track https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
cvssv3.1 8.8 https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
generic_textual HIGH https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
ssvc Track https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23594
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-23594
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-23594
https://github.com/tensorflow/tensorflow
CVE-2022-23594 https://nvd.nist.gov/vuln/detail/CVE-2022-23594
GHSA-9x52-887g-fhc2 https://github.com/advisories/GHSA-9x52-887g-fhc2
GHSA-9x52-887g-fhc2 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
importexport https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:39Z/ Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9x52-887g-fhc2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:56:39Z/ Found at https://github.com/tensorflow/tensorflow/tree/274df9b02330b790aa8de1cee164b70f72b9b244/tensorflow/core/ir/importexport
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-23594
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.05142
EPSS Score 0.00018
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:36:27.209407+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/23xxx/CVE-2022-23594.json 38.6.0