Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-cuak-225n-4fc5
Vulnerability ID VCID-cuak-225n-4fc5
Aliases CVE-2022-36015
GHSA-rh87-q4vg-m45j
Summary TensorFlow is an open source platform for machine learning. When `RangeSize` receives values that do not fit into an `int64_t`, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this commit on TensorFlow 2.9.1, TensorFlow 2.8.1, and TensorFlow 2.7.2, as these are also affected and still in supported range. There are no known workarounds for this issue.
Status Published
Exploitability 0.5
Weighted Severity 5.3
Risk 2.6
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-190 Integer Overflow or Wraparound
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-36015
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-36015
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2022-36015
cvssv3.1_qr LOW https://github.com/advisories/GHSA-rh87-q4vg-m45j
generic_textual LOW https://github.com/tensorflow/tensorflow
cvssv3.1 5.9 https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
generic_textual LOW https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
ssvc Track https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
cvssv3.1 5.9 https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
generic_textual LOW https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
ssvc Track https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
generic_textual LOW https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
cvssv3.1 5.9 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
cvssv3.1_qr LOW https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
generic_textual LOW https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
ssvc Track https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2022-36015
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-36015
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/releases/tag/v2.10.0
37e64539cd29fcfb814c4451152a60f5d107b0f0 https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
CVE-2022-36015 https://nvd.nist.gov/vuln/detail/CVE-2022-36015
GHSA-rh87-q4vg-m45j https://github.com/advisories/GHSA-rh87-q4vg-m45j
GHSA-rh87-q4vg-m45j https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
math_ops.cc https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/ Found at https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/ops/math_ops.cc
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/ Found at https://github.com/tensorflow/tensorflow/commit/37e64539cd29fcfb814c4451152a60f5d107b0f0
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:57:39Z/ Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rh87-q4vg-m45j
Exploit Prediction Scoring System (EPSS)
Percentile 0.40849
EPSS Score 0.00191
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:38:04.817246+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/36xxx/CVE-2022-36015.json 38.6.0