{"data":{"id":"3f706195-495b-4cd8-9e59-e0c825f03194","title":"CVE-2021-29578: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPo","summary":"TensorFlow (an open-source machine learning platform) has a vulnerability in a function called `tf.raw_ops.FractionalAvgPoolGrad` that can cause a heap buffer overflow (a memory error where a program writes data beyond allocated space). The bug happens because the code doesn't properly check that input arguments have the correct size before processing them.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be backported (adapted and applied to older versions still receiving support) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29578","publishedAt":"2021-05-15T00:15:14.200Z","cveId":"CVE-2021-29578","cweIds":["CWE-119","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}