{"id":"CVE-2022-21734","summary":"`CHECK`-failures in Tensorflow","details":"Tensorflow is an Open Source Machine Learning Framework. The implementation of `MapStage` is vulnerable a `CHECK`-fail if the key tensor is not a scalar. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.","aliases":["BIT-tensorflow-2022-21734","GHSA-gcvh-66ff-4mwm","PYSEC-2022-113","PYSEC-2022-58"],"modified":"2026-04-11T18:44:57.985608Z","published":"2022-02-03T12:59:18Z","related":["openSUSE-SU-2024:12116-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21734.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/tensorflow/tensorflow/blob/5100e359aef5c8021f2e71c7b986420b85ce7b3d/tensorflow/core/kernels/map_stage_op.cc#L519-L550"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/21xxx/CVE-2022-21734.json"},{"type":"ADVISORY","url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gcvh-66ff-4mwm"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-21734"},{"type":"FIX","url":"https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/tensorflow/tensorflow","events":[{"introduced":"0"},{"last_affected":"957590ea15cc03ee2e00fc61934647d54836676f"},{"introduced":"919f693420e35d00c8d0a42100837ae3718f7927"},{"last_affected":"c2363d6d025981c661f8cbecf4c73ca7fbf38caf"},{"introduced":"0"},{"last_affected":"c256c071bb26e1e13b4666d1b3e229e110bc914a"},{"fixed":"f57315566d7094f322b784947093406c2aea0d7d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.5.2"},{"introduced":"2.6.0"},{"last_affected":"2.6.2"},{"introduced":"0"},{"last_affected":"2.7.0"}]}}],"versions":["0.5.0","0.6.0","v1.1.0-rc1","v1.1.0-rc2","v1.12.1","v1.6.0-rc1","v1.9.0-rc2","v2.5.0","v2.5.0-rc0","v2.5.0-rc1","v2.5.0-rc2","v2.5.0-rc3","v2.5.1","v2.5.2","v2.6.0","v2.6.1","v2.6.2","v2.7.0","v2.7.0-rc0","v2.7.0-rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21734.json","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"tensorflow/core/kernels/map_stage_op.cc"},"source":"https://github.com/tensorflow/tensorflow/commit/f57315566d7094f322b784947093406c2aea0d7d","digest":{"line_hashes":["243902956803889931897551431230506542273","262540243667239542078015843315170987613","4595770219690293797249209549677157709"],"threshold":0.9},"signature_type":"Line","id":"CVE-2022-21734-f2a1091e"}],"vanir_signatures_modified":"2026-04-11T18:44:57Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}