{"data":{"id":"f734dd2b-f86f-40e7-b7ae-7b1ffb7ce86d","title":"CVE-2021-29584: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a denial of service via a","summary":"TensorFlow (a machine learning platform) has a vulnerability where an attacker can crash the system by triggering an integer overflow (when a number becomes too large for the system to handle) in the code that creates tensor shapes (multi-dimensional arrays). The problem occurs because the code doesn't check if dimension calculations will overflow before creating a new tensor shape.","solution":"The fix will be included in TensorFlow 2.5.0. Additionally, the fix will be backported (applied to older versions) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are also affected and still supported.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-29584","publishedAt":"2021-05-15T00:15:14.490Z","cveId":"CVE-2021-29584","cweIds":["CWE-190"],"cvssScore":"2.5","cvssSeverity":"low","severity":"low","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00011,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}