{"data":{"id":"eeed3f78-cf70-434f-ae04-2a0c979c1ae9","title":"CVE-2021-29586: TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail ","summary":"TensorFlow's pooling code (the part that downsamples data in neural networks) has a bug where it doesn't check if stride values, which control how much data to skip, are zero before doing math with them. An attacker can create a special machine learning model that forces stride to be zero, causing a division by zero error (dividing by zero, which crashes programs) that could crash or be exploited.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be added to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are affected and still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29586","publishedAt":"2021-05-15T00:15:14.627Z","cveId":"CVE-2021-29586","cweIds":["CWE-369"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00017,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}