Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Top Critical CVEs

Highest risk vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Discover domains across TLDs

Sign In Sign Up

GHSA-cg88-rpvp-cjv5

GitHub Security Advisory

Out of bounds write in grappler in Tensorflow

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

### Impact
The function [MakeGrapplerFunctionItem](https://https://github.com/tensorflow/tensorflow/blob/master/tensorflow/core/grappler/utils/functions.cc#L221) takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered.

### Patches
We have patched the issue in GitHub commit [a65411a1d69edfb16b25907ffb8f73556ce36bb7](https://github.com/tensorflow/tensorflow/commit/a65411a1d69edfb16b25907ffb8f73556ce36bb7).

The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1.

### For more information
Please consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.

Affected Packages

PyPI tensorflow

Affected versions: 0 (fixed in 2.8.4)

PyPI tensorflow

Affected versions: 2.9.0 (fixed in 2.9.3)

PyPI tensorflow

Affected versions: 2.10.0 (fixed in 2.10.1)

PyPI tensorflow-cpu

Affected versions: 0 (fixed in 2.8.4)

PyPI tensorflow-gpu

Affected versions: 0 (fixed in 2.8.4)

PyPI tensorflow-cpu

Affected versions: 2.9.0 (fixed in 2.9.3)

PyPI tensorflow-gpu

Affected versions: 2.9.0 (fixed in 2.9.3)

PyPI tensorflow-cpu

Affected versions: 2.10.0 (fixed in 2.10.1)

PyPI tensorflow-gpu

Affected versions: 2.10.0 (fixed in 2.10.1)

Related CVEs

CVE-2022-41902

Key Information

GHSA ID

GHSA-cg88-rpvp-cjv5

Published

November 21, 2022 10:04 PM

Last Modified

November 21, 2022 10:04 PM

CVSS Score

7.5 /10

Primary Ecosystem

PyPI

Primary Package

tensorflow

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 23, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.