{"data":{"id":"f4c0ffbc-ced8-4f3b-90c0-f3b0716dde9d","title":"CVE-2021-29540: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to o","summary":"TensorFlow, an open source platform for machine learning, has a vulnerability where an attacker can cause a heap buffer overflow (a memory corruption bug where data is written beyond the intended memory region) in the Conv2DBackpropFilter function. This happens because the code calculates the filter tensor size but doesn't check that it matches the actual number of elements, leading to memory safety issues when the code later reads or writes to this buffer.","solution":"The fix will be included in TensorFlow 2.5.0. It will also be backported to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29540","publishedAt":"2021-05-15T00:15:12.443Z","cveId":"CVE-2021-29540","cweIds":["CWE-120","CWE-787"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00049,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}