{"data":{"id":"37ee39e6-5f4d-4121-b912-b3a4b7fff038","title":"CVE-2021-29609: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in a","summary":"TensorFlow's `SparseAdd` function (a tool for adding sparse tensors, which are data structures with mostly empty values) has incomplete validation that allows attackers to cause undefined behavior like accessing null memory or writing data outside allocated memory bounds. The vulnerability exists because the code doesn't properly check if tensors are empty or if their dimensions match, letting attackers send invalid sparse tensors that exploit unprotected assumptions.","solution":"The fix will be included in TensorFlow 2.5.0 and will be cherry-picked (backported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29609","publishedAt":"2021-05-15T00:15:15.850Z","cveId":"CVE-2021-29609","cweIds":["CWE-665","CWE-476","CWE-787"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00048,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}