{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "fixed": "2.6.4" } ] }, "events": [ { "introduced": "0" }, { "fixed": "33ed2b11cb8e879d86c371700e6573db1814a69e" } ], "repo": "https://github.com/tensorflow/tensorflow", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "2.7.0rc0" }, { "fixed": "2.7.2" } ] }, "events": [ { "introduced": "ce35e5c3a8efdb8161c6a85c8fb9ffb5bbdc9ffd" }, { "fixed": "dd7b8a3c1714d0052ce4b4a2fd8dcef927439a24" } ], "repo": "https://github.com/tensorflow/tensorflow", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "2.8.0rc0" }, { "fixed": "2.8.1" } ] }, "events": [ { "introduced": "804ef7223ef08fd14c274b4a4044cc4aeee68863" }, { "fixed": "0516d4d8bced506cae97dc3cb45dbd2fe4311f26" } ], "repo": "https://github.com/tensorflow/tensorflow", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "2.9.0rc0" }, { "fixed": "2.9.0" } ] }, "events": [ { "introduced": "8727d035e7aa593720d16a5f57f70f3b5a93bd00" }, { "fixed": "8a20d54a3c1bfa38c03ea99a2ad3c1b0a45dfa95" } ], "repo": "https://github.com/tensorflow/tensorflow", "type": "GIT" } ] } ], "aliases": [ "GHSA-pqhm-4wvf-2jg8" ], "database_specific": { "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-20", "CWE-476" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29201.json" }, "details": "TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.", "id": "CVE-2022-29201", "modified": "2026-04-01T23:10:17.674082097Z", "published": "2022-05-20T23:00:15Z", "references": [ { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/blob/f3b9bf4c3c0597563b289c0512e98d4ce81f886e/tensorflow/core/kernels/quantized_conv_ops.cc" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.6.4" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.7.2" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.8.1" }, { "type": "WEB", "url": "https://github.com/tensorflow/tensorflow/releases/tag/v2.9.0" }, { "type": "ADVISORY", "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29201.json" }, { "type": "ADVISORY", "url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pqhm-4wvf-2jg8" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29201" }, { "type": "FIX", "url": "https://github.com/tensorflow/tensorflow/commit/0f0b080ecde4d3dfec158d6f60da34d5e31693c4" } ], "schema_version": "1.7.3", "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "summary": "Missing validation in `QuantizedConv2D` results in undefined behavior in TensorFlow" }