{"id":"CVE-2022-21732","summary":"Memory exhaustion in TensorFlow","details":"TensorFlow is an open source machine learning framework. The implementation of `ThreadPoolHandle` can be used to trigger a denial of service by allocating too much memory. This is because the `num_threads` argument is only checked to be non-negative and no upper bound is enforced on its value, so an excessively large value leads to an excessively large allocation. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in the supported range.","aliases":["BIT-tensorflow-2022-21732","GHSA-c582-c96p-r5cq","PYSEC-2022-111","PYSEC-2022-56"],"modified":"2026-04-11T18:45:00.182142Z","published":"2022-02-03T11:21:48Z","related":["openSUSE-SU-2024:12116-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21732.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc#L79-L135"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21732.json"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c582-c96p-r5cq"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21732"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"last_affected":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"last_affected":"c2363d6d025981c661f8cbecf4c73ca7fbf38caf"},{"introduced":"0"},{"last_affected":"c256c071bb26e1e13b4666d1b3e229e110bc914a"},{"fixed":"e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e"}],"database_sp
ecific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"2.6.0"},{"last_affected":"2.6.2"},{"introduced":"0"},{"last_affected":"2.7.0"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.1","v2.5.2","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.0-rc0","v2.7.0-rc1"],"database_specific":{"vanir_signatures":[{"target":{"function":"PrivateThreadPoolDatasetOp::MakeDataset","file":"tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc"},"signature_type":"Function","digest":{"length":345,"function_hash":"109790345703165995731566516225069276553"},"source":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e","signature_version":"v1","deprecated":false,"id":"CVE-2022-21732-22b9198d"},{"target":{"file":"tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc"},"signature_type":"Line","digest":{"line_hashes":["23671749299187771700492942992799101377","158225370695736538395398139669936407195","290271148837685878619254151317000382187","201666553289895161570931031583910282691","24293477222667352455183018168750310743","293290895371583465539579895041948499691","87147312987225280368390501659367986640","232194405782570556429977225413631125891","292111308451959367961730943474038089111","219668858856686725956566627226097527795","112556079390933033407476149511522890391","80745977230035046159002833736048047123","30665547078900400462695598218936754045","313001772619893462186158865734005243407","256798913093110684110500750407396068746","322969705196034613174401475954234920221","216134534551187907439583577388691005278","86674257659919617587034636561447082610","103455497559588610747334046437386986897"],"threshold":0.9},"source":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e","signature_version":"v1","deprecated":false,"id":"CVE-2022-21732-6d626faf"},{"target":{"f
unction":"PrivateThreadPoolDatasetOp::MakeDatasetFromOptions","file":"tensorflow/core/kernels/data/experimental/threadpool_dataset_op.cc"},"signature_type":"Function","digest":{"length":413,"function_hash":"245888829275355229888726157029653665701"},"source":"https://github.com/tensorflow/tensorflow/commit/e3749a6d5d1e8d11806d4a2e9cc3123d1a90b75e","signature_version":"v1","deprecated":false,"id":"CVE-2022-21732-fd0bbaa5"}],"vanir_signatures_modified":"2026-04-11T18:45:00Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21732.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}]}