PT-2022-19454 · Google · Tensorflow
Mihaimaruseac · Published 2022-05-20 · Updated 2024-03-06 · CVE-2022-29202
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TensorFlow versions prior to 2.9.0
TensorFlow versions prior to 2.8.1
TensorFlow versions prior to 2.7.2
TensorFlow versions prior to 2.6.4
Description
The implementation of tf.ragged.constant does not fully validate the input arguments, resulting in a denial of service by consuming all available memory. This issue can be exploited by passing specific arguments to the tf.ragged.constant function, such as pylist=[] and ragged_rank=8968073515812833920.
Recommendations
For versions prior to 2.9.0, update to version 2.9.0 or later.
For versions prior to 2.8.1, update to version 2.8.1 or later.
For versions prior to 2.7.2, update to version 2.7.2 or later.
For versions prior to 2.6.4, update to version 2.6.4 or later.
As a temporary workaround, consider restricting the use of the tf.ragged.constant function until a patch is applied.
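One way to apply the workaround on an unpatched version is to check the arguments before they reach tf.ragged.constant. The following is an added example, not TensorFlow's code or its fix; the function names, the cap MAX_RAGGED_RANK and the rule that ragged_rank may not exceed the input's nesting depth are assumptions chosen for illustration.

```python
# Added example: pre-call guard for tf.ragged.constant arguments.
# All names here are hypothetical; TensorFlow itself is not imported.

MAX_RAGGED_RANK = 32  # assumed application ceiling, not a TensorFlow limit


def nesting_depth(pylist):
    """Maximum list/tuple nesting depth: a scalar is 0, [] is 1, [[1], []] is 2."""
    depth = 0
    stack = [(pylist, 0)]  # explicit stack: deep nesting cannot hit the recursion limit
    while stack:
        item, level = stack.pop()
        if isinstance(item, (list, tuple)):
            depth = max(depth, level + 1)
            stack.extend((child, level + 1) for child in item)
    return depth


def check_ragged_constant_args(pylist, ragged_rank=None):
    """Return ragged_rank if it passes the local policy, else raise ValueError."""
    if ragged_rank is None:
        return None  # caller lets the library choose its default
    if isinstance(ragged_rank, bool) or not isinstance(ragged_rank, int):
        raise ValueError(f"ragged_rank must be an int, got {type(ragged_rank).__name__}")
    if ragged_rank < 0:
        raise ValueError("ragged_rank must be non-negative")
    if ragged_rank > MAX_RAGGED_RANK:
        raise ValueError(f"ragged_rank {ragged_rank} exceeds cap {MAX_RAGGED_RANK}")
    depth = nesting_depth(pylist)
    if ragged_rank > depth:
        raise ValueError(f"ragged_rank {ragged_rank} exceeds input nesting depth {depth}")
    return ragged_rank


def is_rejected(pylist, ragged_rank):
    """True when the guard refuses the argument pair."""
    try:
        check_ragged_constant_args(pylist, ragged_rank)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed inputs; the first pair is the one quoted in the description.
    for args in [([], 8968073515812833920), ([[1, 2], [3]], 1), ([], 1), ([], 2)]:
        print(args, "rejected" if is_rejected(*args) else "accepted")
```

The guard only accepts plain Python ints, so a rank arriving as another numeric type is refused rather than coerced.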
Resource Exhaustion
RCE
Affected Products
Tensorflow