{"data":{"id":"4f3b3b5d-71c1-448f-9ace-18519cb701d8","title":"CVE-2021-29591: TensorFlow is an end-to-end open source platform for machine learning. TFlite graphs must not have loops between nodes. ","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability where TFlite graphs (computational structures that define ML models) were not properly checked to prevent loops between nodes. An attacker could create malicious models that cause infinite loops or stack overflow (running out of memory from too many nested function calls) during model evaluation, potentially crashing the system.","solution":"The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are also affected and still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29591","publishedAt":"2021-05-15T00:15:15.017Z","cveId":"CVE-2021-29591","cweIds":["CWE-835","CWE-674","CWE-835"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00056,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}