{"data":{"id":"7e1b6028-f867-4ee7-938f-ada4bd288a46","title":"CVE-2021-29607: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in a","summary":"TensorFlow, an open-source machine learning platform, has a bug in its `SparseAdd` function where it doesn't fully check the validity of sparse tensors (data structures that efficiently store mostly empty matrices). This allows attackers to send malformed tensors that can cause the program to crash or write data to unintended memory locations.","solution":"The fix will be included in TensorFlow 2.5.0. Patches will also be available in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29607","publishedAt":"2021-05-15T00:15:15.763Z","cveId":"CVE-2021-29607","cweIds":["CWE-754"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00048,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}