{"data":{"id":"663ec30b-30ef-4d99-be2a-8215ce9b52b5","title":"CVE-2021-29569: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where specially crafted inputs can cause the program to read memory outside the bounds of allocated heap memory (a memory safety violation). The bug occurs because the code assumes input tensors contain at least one element, but if they're empty, accessing even the first element reads invalid memory.","solution":"The fix will be included in TensorFlow 2.5.0. The fix will also be backported (applied to older versions) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29569","publishedAt":"2021-05-15T00:15:13.790Z","cveId":"CVE-2021-29569","cweIds":["CWE-125"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}