{"data":{"id":"f15e4b76-93bf-449b-8fb6-5f181e8469fd","title":"CVE-2021-29579: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGrad` is","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.MaxPoolGrad` function called a heap buffer overflow (a bug where a program writes data beyond the memory it's allowed to use). The vulnerability occurs because the code doesn't properly check that array indices are valid before accessing data, which could allow attackers to read or corrupt memory.","solution":"The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29579","publishedAt":"2021-05-15T00:15:14.247Z","cveId":"CVE-2021-29579","cweIds":["CWE-119","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}