{"data":{"id":"db6dfbd9-de92-4b53-99b8-27d60652e477","title":"CVE-2021-29580: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPo","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.FractionalMaxPoolGrad` function that can crash the program when given empty input tensors (arrays of data with no elements). The bug occurs because the code doesn't properly check that input and output tensors are valid before processing them, which can be exploited to cause a denial of service attack (making the system unavailable).","solution":"The fix will be included in TensorFlow 2.5.0. The patch will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29580","publishedAt":"2021-05-15T00:15:14.293Z","cveId":"CVE-2021-29580","cweIds":["CWE-908"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}