{"data":{"id":"ee139210-0418-4c87-9745-c06b25cc0247","title":"CVE-2021-29539: TensorFlow is an end-to-end open source platform for machine learning. Calling `tf.raw_ops.ImmutableConst`(https://www.t","summary":"TensorFlow (an open source machine learning platform) has a bug where calling a specific function with certain data types causes a segfault (crash where the program tries to access invalid memory). The function assumes the data will be simple scalars (single values), but fails when given more complex data types like `tf.resource` or `tf.variant`.","solution":"The issue is patched in commit 4f663d4b8f0bec1b48da6fa091a7d29609980fa4 and will be released in TensorFlow 2.5.0. TensorFlow nightly packages after this commit will also have the fix. As a workaround, users can prevent the segfault by inserting a filter for the `dtype` argument when using `tf.raw_ops.ImmutableConst`.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29539","publishedAt":"2021-05-15T00:15:12.397Z","cveId":"CVE-2021-29539","cweIds":["CWE-681"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00015,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}