CVE-2022-29210— Heap buffer overflow due to incorrect hash function in TensorFlow
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-29210
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Heap buffer overflow due to incorrect hash function in TensorFlow
Source: NVD (National Vulnerability Database)
Vulnerability Description
TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
未进行输入大小检查的缓冲区拷贝(传统缓冲区溢出)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Google TensorFlow 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Google TensorFlow是美国谷歌(Google)公司的一套用于机器学习的端到端开源平台。 Google TensorFlow 2.8.0版本存在安全漏洞,该漏洞源于TensorKey散列函数使用了非常差的常量散列函数AllocatedBytes()来实现总估计。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| tensorflow | tensorflow | == 2.8.0 | - |
II. Public POCs for CVE-2022-29210
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-29210
请登录查看更多情报信息。
- https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1x_refsource_MISC
- https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-29210
Same Patch Batch · tensorflow · 2022-05-20 · 24 CVEs total
| CVE-2022-29216 | 7.8 HIGH | Code injection in `saved_model_cli` in TensorFlow |
| CVE-2022-29208 | 7.1 HIGH | Segfault and Out-of-bounds Write write due to incomplete validation in TensorFlow |
| CVE-2022-29206 | 5.5 MEDIUM | Missing validation results in undefined behavior in `SparseTensorDenseAdd` in TensorFlow |
| CVE-2022-29213 | 5.5 MEDIUM | Incomplete validation in signal ops leads to crashes in TensorFlow |
| CVE-2022-29209 | 5.5 MEDIUM | Type confusion leading to `CHECK`-failure based denial of service in TensorFlow |
| CVE-2022-29211 | 5.5 MEDIUM | Segfault in TensorFlow if `tf.histogram_fixed_width` is called with NaN values |
| CVE-2022-29212 | 5.5 MEDIUM | Core dump when loading TFLite models with quantization in TensorFlow |
| CVE-2022-29201 | 5.5 MEDIUM | Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow |
| CVE-2022-29202 | 5.5 MEDIUM | Denial of service in TensorFlow due to lack of validation in `tf.ragged.constant` |
| CVE-2022-29203 | 5.5 MEDIUM | Integer overflow in `SpaceToBatchND` in TensorFlow |
| CVE-2022-29204 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` |
| CVE-2022-29205 | 5.5 MEDIUM | Segfault due to missing support for quantized types in TensorFlow |
| CVE-2022-29192 | 5.5 MEDIUM | Missing validation crashes `QuantizeAndDequantizeV4Grad` in TensorFlow |
| CVE-2022-29207 | 5.5 MEDIUM | Undefined behavior when users supply invalid resource handles in TensorFlow |
| CVE-2022-29195 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `StagePeek` |
| CVE-2022-29197 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `UnsortedSegmentJoin` |
| CVE-2022-29196 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `Conv3DBackpropFilterV2` |
| CVE-2022-29198 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatr |
| CVE-2022-29199 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `LoadAndRemapMatrix` |
| CVE-2022-29200 | 5.5 MEDIUM | Missing validation causes denial of service in TensorFlow via `LSTMBlockCell` |
Showing top 20 of 24 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: tensorflow
Same vendor: tensorflow
- CVE-2026-2492
TensorFlow HDF5 Library Uncontrolled Search Path Element Loc - CVE-2023-33976
TensorFlow segfault in array_ops.upper_bound - CVE-2024-3660
Arbitrary code injection vulnerability in Keras framework < - CVE-2023-25661
Denial of Service in TensorFlow - CVE-2023-25660
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
Same weakness: CWE-120
- CVE-2026-8260
D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings - CVE-2026-8137
Totolink X5000R formDdns sub_458E40 buffer overflow - CVE-2026-6691
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow - CVE-2026-7857
D-Link DI-8100 CGI user_group.asp sprintf buffer overflow - CVE-2026-7856
D-Link DI-8100 Web Management url_member.asp buffer overflow
V. Comments for CVE-2022-29210
No comments yet