{"data":{"id":"dfc2b396-957f-4298-91eb-f34586c7b6e6","title":"CVE-2021-29570: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith","summary":"A vulnerability in TensorFlow (an open source machine learning platform) called CVE-2021-29570 affects the `tf.raw_ops.MaxPoolGradWithArgmax` function, which can read outside the bounds of allocated memory (a heap overflow) if an attacker provides specially designed inputs. The bug occurs because the code uses the same value to look up data in two different arrays without checking that both arrays are the same size.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29570","publishedAt":"2021-05-15T00:15:13.833Z","cveId":"CVE-2021-29570","cweIds":["CWE-125"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00014,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}