{"data":{"id":"c1962d6e-0361-41c1-909b-d7ea5edf8db0","title":"CVE-2021-29518: TensorFlow is an end-to-end open source platform for machine learning. In eager mode (default in TF 2.0 and later), sess","summary":"TensorFlow has a vulnerability where eager mode (the default execution style in TensorFlow 2.0+) allows users to call raw operations that shouldn't work, causing a null pointer dereference (an error where the program tries to use an empty memory reference). The problem occurs because the code doesn't check whether the session state pointer is valid before using it, leading to undefined behavior (unpredictable outcomes).","solution":"The fix will be included in TensorFlow 2.5.0. TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4 will also receive this fix through a cherrypick (backporting the security patch to older supported versions).","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29518","publishedAt":"2021-05-15T00:15:11.437Z","cveId":"CVE-2021-29518","cweIds":["CWE-476"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00009,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}