{"data":{"id":"99c774a3-7705-4089-9556-bc0d5ad25951","title":"CVE-2021-29560: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `RaggedTensorToTensor`.","summary":"TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (memory corruption from writing past allocated memory limits) in the RaggedTensorToTensor function by providing specially crafted input shapes. The bug occurs because the code uses the same index to access two different arrays, and if one array is shorter than the other, it reads or writes to invalid memory locations.","solution":"The fix will be included in TensorFlow 2.5.0. Additionally, the commit fixing this issue will be cherry-picked (applied as a backport) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are all affected and still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29560","publishedAt":"2021-05-15T00:15:13.380Z","cveId":"CVE-2021-29560","cweIds":["CWE-125","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100","CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}