{"data":{"id":"f4bb96b0-d0c4-400b-8f9b-0acae49ea9ba","title":"CVE-2021-29537: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `QuantizedResizeBilinear`.","summary":"TensorFlow, a machine learning platform, has a vulnerability where attackers can cause a heap buffer overflow (a memory safety error where data is written past the intended memory boundaries) in the `QuantizedResizeBilinear` function by providing invalid threshold values for quantization (the process of reducing data precision). The bug occurs because the code assumes these inputs are always valid numbers and doesn't properly check them before using them.","solution":"The fix will be included in TensorFlow 2.5.0 and will be backported (ported to earlier versions) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29537","publishedAt":"2021-05-15T00:15:12.307Z","cveId":"CVE-2021-29537","cweIds":["CWE-131","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00018,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}