{"data":{"id":"9d1c3513-b491-4ebc-ab2c-0347d7bd1202","title":"CVE-2021-29567: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDe","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.SparseDenseCwiseMul` function that lacks proper validation of input dimensions. An attacker can exploit this to cause denial of service (program crashes through failed checks) or write to memory locations outside the bounds of allocated buffers (heap overflow, unintended memory access).","solution":"The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29567","publishedAt":"2021-05-15T00:15:13.697Z","cveId":"CVE-2021-29567","cweIds":["CWE-617"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}