{"data":{"id":"9a4b3894-f426-4d66-a43b-169e98376ba8","title":"CVE-2021-29576: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPool3DGradGr","summary":"TensorFlow, an open source platform for machine learning, has a vulnerability in a specific function called `tf.raw_ops.MaxPool3DGradGrad` that can cause a heap buffer overflow (a type of memory corruption where data overflows into adjacent memory). The problem occurs because the code doesn't properly check whether initialization completes successfully, leaving data in an invalid state.","solution":"The fix will be included in TensorFlow 2.5.0. The vulnerability is also being patched in earlier versions: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29576","publishedAt":"2021-05-15T00:15:14.107Z","cveId":"CVE-2021-29576","cweIds":["CWE-119","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}