{"data":{"id":"1603fd45-3d88-432d-9db5-be40b3e149b6","title":"CVE-2021-29552: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a denial of service by cont","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can crash the program by passing an empty tensor (a multi-dimensional array of numbers) as the `num_segments` argument to the `UnsortedSegmentJoin` operation. The code assumes this input will always be a valid scalar (a single number), so when it's empty, a safety check fails and terminates the process, causing a denial of service (making the system unavailable).","solution":"The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29552","publishedAt":"2021-05-15T00:15:13.070Z","cveId":"CVE-2021-29552","cweIds":["CWE-617"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}