{"data":{"id":"af1c49d3-3e67-46e8-9a20-343d0fa5c105","title":"CVE-2021-29610: TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequantizeV2`...","summary":"TensorFlow has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV2` op: incorrect validation of the `axis` parameter lets invalid values through, which can potentially cause a heap underflow (a memory-safety error in which memory before the start of an allocated buffer is accessed). This flaw could let attackers read or write other data stored on the heap (the area of memory used for dynamic allocation).","solution":"The fix will be included in TensorFlow 2.5.0 and will be backported (cherry-picked) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29610","publishedAt":"2021-05-15T00:15:15.900Z","cveId":"CVE-2021-29610","cweIds":["CWE-665","CWE-787"],"cvssScore":"3.6","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}