CVE-2022-21740

7.6 HIGH

📋 TL;DR

CVE-2022-21740 is a heap out-of-bounds write in the SparseCountSparseOutput kernel of TensorFlow. The kernel trusted the sparse-tensor components it was handed (indices, values and dense shape) without checking them against each other, so crafted input makes it write past the buffer it allocated. The realistic outcome is a crash of the process hosting TensorFlow (denial of service); because it is a heap write, memory corruption leading to code execution in that process cannot be ruled out. Per the vendor advisory, every release before 2.5.3, the 2.6.0-2.6.2 series and 2.7.0 are affected; the fix ships in 2.8.0 and was cherry-picked to 2.7.1, 2.6.3 and 2.5.3.

💻 Affected Systems

Products:
  • TensorFlow
Versions: every release before 2.5.3, plus 2.6.0-2.6.2 and 2.7.0 (the advisory lists < 2.5.3, 2.6.x < 2.6.3 and 2.7.0)
Operating Systems: All platforms running affected TensorFlow builds (the bug is in the portable C++ kernel, not in a platform layer)
Default Config Vulnerable: ⚠️ Yes
Notes: Any graph that executes SparseCountSparseOutput is vulnerable. From Python the op is reached through tf.sparse.bincount and direct tf.raw_ops.SparseCountSparseOutput calls, and it can also arrive inside a SavedModel or GraphDef you load. No configuration setting turns it off; what matters is whether an attacker can control the sparse tensor components (indices, values, dense_shape) that reach the op, or the model graph that contains it.

📦 What is this software?

TensorFlow is Google's open-source machine-learning framework, used for both training and serving models. Its ops are implemented as C++ kernels driven from Python; the vulnerable kernel counts occurrences of values in a sparse tensor and is part of the core library shipped in the tensorflow, tensorflow-cpu and tensorflow-gpu packages as well as in TensorFlow Serving.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution with the privileges of the process hosting TensorFlow (effectively remote when that process is a network-facing inference service), potentially leading to compromise of the host and of any credentials or data the process can reach.

🟠

Likely Case

Application crash (denial of service) or memory corruption leading to unstable behavior.

🟢

If Mitigated

Limited impact if TensorFlow runs in a sandboxed, least-privilege environment and only trusted models and validated sparse inputs reach the op; a crash is then an isolated worker restart rather than a host compromise.

🌐 Internet-Facing: MEDIUM - Exploitation requires specific input to vulnerable functions, but internet-facing ML services could be targeted.
🏢 Internal Only: MEDIUM - Internal ML pipelines and development environments could be compromised through malicious input.

🎯 Exploit Status

Public PoC: No (none known at disclosure)
Weaponized: Unknown
Unauthenticated Exploit: Deployment-dependent; the attacker must get attacker-controlled sparse-tensor components, or a model containing the op, into the TensorFlow process
Complexity: MEDIUM

Exploitation requires crafting the sparse inputs (indices, values, dense_shape) that the op consumes so that they are mutually inconsistent, and getting them to an affected process. Turning the resulting heap write into code execution would additionally require heap grooming in the host process; no public exploit was available at disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.8.0, 2.7.1, 2.6.3, and 2.5.3

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r

Restart Required: Yes

Instructions:

1. Identify the installed TensorFlow version and which release branch it belongs to (the package may be installed as tensorflow, tensorflow-cpu or tensorflow-gpu).
2. Upgrade to the fixed release on that branch: pip install --upgrade 'tensorflow==2.8.0' (or tensorflow==2.7.1, 2.6.3 or 2.5.3 if you must stay on an older minor; pin the same version for tensorflow-cpu or tensorflow-gpu if that is the package you install).
3. Rebuild container images and restart every service that has the old library loaded; a running process keeps the vulnerable kernel in memory until it restarts.
4. Run your model test suite after the upgrade.

🔧 Temporary Workarounds

Disable SparseCountSparseOutput usage

Applies to: all platforms

Avoid the vulnerable op until you can upgrade. From Python it is reached through tf.sparse.bincount and direct tf.raw_ops.SparseCountSparseOutput calls (there is no tf.sparse.count_sparse_output function), and it can also be present in a SavedModel or GraphDef you load.

Review your own code for those calls and replace or remove them, and refuse to load untrusted models whose graph contains a node of type SparseCountSparseOutput.

🧯 If You Can't Patch

  • Run TensorFlow in a sandboxed or containerized environment with minimal privileges, no long-lived secrets in the process, and a separate worker per tenant, so a crash or memory corruption is contained
  • Treat models and sparse inputs from untrusted sources as untrusted code: before the op runs, check that indices, values and dense_shape agree with one another and that every coordinate lies within dense_shape, and reject the request otherwise

🔍 How to Verify

Check if Vulnerable:

Print the version TensorFlow actually loads (the package may be installed as tensorflow, tensorflow-cpu or tensorflow-gpu, so check the imported module rather than pip metadata alone):

python -c 'import tensorflow as tf; print(tf.__version__)'

Anything older than 2.5.3, or 2.6.0-2.6.2, or 2.7.0, is affected. Repeat this in every interpreter that serves models (containers, virtualenvs, Conda environments). TensorFlow Serving binaries bundle their own copy of the library and are versioned alongside TensorFlow; check their release rather than the Python package.

Verify Fix Applied:

After patching, the same command must print 2.5.3, 2.6.3, 2.7.1, 2.8.0 or a later release on the branch you chose, and every serving process must have been restarted so the old shared library is no longer mapped.
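
Comparing version strings by hand goes wrong at exactly the points that matter here: the fix is on four different branches, "2.10" sorts after "2.9" only numerically, and pre-release tags look like fixed releases. The following is an added example written for this page, not TensorFlow tooling. The fixed releases come from the vendor advisory; the branch logic (anything below 2.5.3 on any branch, 2.6.x below 2.6.3, 2.7.x below 2.7.1, everything from 2.8.0 on fixed) is this example's reading of it, and pre-release tags such as "-rc0" or "-dev20220301" are treated as older than the matching final release, which errs on the side of reporting a build as vulnerable.

```python
"""Branch-aware version triage for CVE-2022-21740 (added example)."""
import re
from typing import Optional, Tuple

# Releases that carry the fix, per GHSA-44qp-9wwf-734r.
FIXED_RELEASES = ("2.5.3", "2.6.3", "2.7.1", "2.8.0")

# major.minor.patch with an optional pre-release tag (rc1, -rc1, -dev20220301).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.]?(rc|dev|a|b)\d*)?")


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Map '2.7.0', '2.7.0-rc1' or '2.9.0-dev20220301' to a sortable tuple.

    The fourth element is 1 for a final release and 0 for a pre-release,
    so (2, 8, 0, 0) sorts before (2, 8, 0, 1).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised TensorFlow version string: {version!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    final = 0 if m.group(4) else 1
    return major, minor, patch, final


def first_fixed_release(version: str) -> Tuple[int, int, int, int]:
    """The earliest fixed release on the branch that `version` belongs to."""
    major, minor, _, _ = parse_version(version)
    if (major, minor) >= (2, 8):
        return (2, 8, 0, 1)
    if (major, minor) == (2, 7):
        return (2, 7, 1, 1)
    if (major, minor) == (2, 6):
        return (2, 6, 3, 1)
    # 2.5 and every older branch: only 2.5.3 and later carry the fix.
    return (2, 5, 3, 1)


def is_vulnerable(version: str) -> bool:
    """True when `version` predates the fix on its branch."""
    return parse_version(version) < first_fixed_release(version)


def installed_tensorflow_version() -> Optional[str]:
    """tf.__version__ of this interpreter's TensorFlow, or None if absent."""
    try:
        import tensorflow as tf
    except ImportError:
        return None
    return tf.__version__


def triage(version: Optional[str] = None) -> str:
    """One-line verdict for a version string (default: the installed one)."""
    version = version or installed_tensorflow_version()
    if version is None:
        return "tensorflow is not importable in this interpreter"
    status = "VULNERABLE" if is_vulnerable(version) else "fixed"
    return f"TensorFlow {version}: {status} (fixed in {', '.join(FIXED_RELEASES)})"


if __name__ == "__main__":
    import sys

    # With no argument, inspects the interpreter it runs in; with one,
    # triages that version string (useful for inventory exports).
    print(triage(sys.argv[1] if len(sys.argv) > 1 else None))
```

Run it inside each environment that serves models, or feed it the version column from a package inventory; a build reported as VULNERABLE needs the branch-specific upgrade from the fix section and a process restart.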

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults (SIGSEGV) or aborts (SIGABRT) in the process that hosts TensorFlow; note that this is normally a python, gunicorn or uwsgi worker or tensorflow_model_server, not a process named "tensorflow"
  • glibc allocator messages such as "free(): invalid pointer" or "double free or corruption", which is how a heap write past a buffer often surfaces some time after the corrupting op ran
  • Worker crash loops (repeated restarts by the supervisor or orchestrator) that correlate with requests carrying sparse inputs

Network Indicators:

  • Unusual spikes in inference requests to endpoints that accept sparse tensors or user-supplied models
  • Requests whose sparse indices disagree with the declared dense shape, or whose indices and values lengths do not match (if input validation is in place, its rejection counter is the signal)

SIEM Query:

(process_name:python* OR process_name:gunicorn OR process_name:tensorflow_model_server) AND (event_type:crash OR signal:SIGSEGV OR signal:SIGABRT OR error_message:"invalid pointer" OR error_message:"double free" OR error_message:"heap" OR error_message:"overflow")

🔗 References

  • Vendor advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-44qp-9wwf-734r
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2022-21740