{"data":{"id":"7f765ca7-64fd-4409-8926-0142980711d5","title":"CVE-2021-29611: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseReshape` results ","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in the `SparseReshape` function where it doesn't properly check that input arguments are valid before using them. This incomplete validation allows an attacker to cause a denial of service (a crash that makes the system unavailable) by triggering a CHECK-failure, which is a built-in safety check that stops execution when something goes wrong.","solution":"The fix will be included in TensorFlow 2.5.0. The developers will also backport (apply the fix to older versions) this commit to TensorFlow 2.4.2 and TensorFlow 2.3.3, which are the only affected versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29611","publishedAt":"2021-05-15T00:15:15.947Z","cveId":"CVE-2021-29611","cweIds":["CWE-665","CWE-20"],"cvssScore":"3.6","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}