{"data":{"id":"b8976aaf-6383-4e95-8df1-bcfa3dfd15fc","title":"CVE-2021-29568: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by bin","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability in the `ParameterizedTruncatedNormal` function where attackers can cause undefined behavior (unpredictable program crashes or corruption) by passing an empty array as input, because the code doesn't check if the input is valid before trying to access its first element. This flaw affects multiple versions of the software.","solution":"Update to TensorFlow 2.5.0 or later. If you use an earlier version, update to one of these patched releases: TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29568","publishedAt":"2021-05-15T00:15:13.743Z","cveId":"CVE-2021-29568","cweIds":["CWE-824","CWE-476"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00011,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}