{"data":{"id":"201f8a57-a5ce-470f-ba9f-8e41ddbfd258","title":"CVE-2021-29572: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.SdcaOptimizer` ","summary":"TensorFlow, a machine learning platform, has a bug in the `tf.raw_ops.SdcaOptimizer` function where it crashes when given invalid input because it tries to access memory that doesn't exist (null pointer dereference, which is undefined behavior in programming). The code doesn't check that user inputs meet the function's requirements before processing them.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be backported (applied retroactively) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29572","publishedAt":"2021-05-15T00:15:13.927Z","cveId":"CVE-2021-29572","cweIds":["CWE-476"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}