CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Summary
A vulnerability in TensorFlow (a platform for building machine learning models) allows an attacker to cause a null pointer dereference (a crash caused by trying to access memory that doesn't exist) in the `tf.raw_ops.StringNGrams` function by providing invalid input that isn't properly checked. This happens because the code doesn't fully validate the `data_splits` argument before using it, potentially causing the program to crash when trying to write data.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions still being supported) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2025-33254: NVIDIA Triton Inference Server contains a vulnerability where an attacker may cause internal state corruption. A success
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29541
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%