Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-bhtq-drn4-pqfw
Vulnerability ID VCID-bhtq-drn4-pqfw
Aliases CVE-2022-29211
GHSA-xrp2-fhq4-4q3w
Summary TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-20 Improper Input Validation
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2022-29211
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2022-29211
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-xrp2-fhq4-4q3w
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow
generic_textual MODERATE https://github.com/tensorflow/tensorflow
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
generic_textual MODERATE https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
ssvc Track https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
generic_textual MODERATE https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
ssvc Track https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
generic_textual MODERATE https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
ssvc Track https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/issues/45770
generic_textual MODERATE https://github.com/tensorflow/tensorflow/issues/45770
ssvc Track https://github.com/tensorflow/tensorflow/issues/45770
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
generic_textual MODERATE https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
ssvc Track https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
generic_textual MODERATE https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
ssvc Track https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
generic_textual MODERATE https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
ssvc Track https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
generic_textual MODERATE https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
ssvc Track https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
cvssv3.1 5.5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
cvssv3.1_qr MODERATE https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
generic_textual MODERATE https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
ssvc Track https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29211
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-29211
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-29211
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
https://github.com/tensorflow/tensorflow/issues/45770
https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
https://nvd.nist.gov/vuln/detail/CVE-2022-29211
GHSA-xrp2-fhq4-4q3w https://github.com/advisories/GHSA-xrp2-fhq4-4q3w
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/histogram_op.cc#L35-L74
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/commit/e57fd691c7b0fd00ea3bfe43444f30c1969748b5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/issues/45770
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/issues/45770
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:46:24Z/ Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xrp2-fhq4-4q3w
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29211
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.27409
EPSS Score 0.00101
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:12:22.169375+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0