{"data":{"id":"2494a195-f874-4e31-84ad-b70533ce996f","title":"CVE-2021-29587: TensorFlow is an end-to-end open source platform for machine learning. The `Prepare` step of the `SpaceToDepth` TFLite o","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in its `SpaceToDepth` operator (a tool that rearranges data in neural networks) where the code doesn't check if a value called `block_size` is zero before dividing by it, which could cause a crash. An attacker could create a malicious model that sets `block_size` to zero to trigger this division-by-zero error.","solution":"The fix will be included in TensorFlow 2.5.0. TensorFlow will also backport (apply the same fix to older supported versions) this commit to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29587","publishedAt":"2021-05-15T00:15:14.677Z","cveId":"CVE-2021-29587","cweIds":["CWE-369"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}