CVE-2021-29532: TensorFlow is an end-to-end open source platform for machine learning. An attacker can force accesses outside the bounds
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedCross` function that allows attackers to access memory outside the intended boundaries of arrays (heap OOB reads, meaning out-of-bounds reads in heap memory) by sending specially crafted invalid tensor values. The problem occurs because the code doesn't validate user-supplied arguments before using them to access array elements.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to older versions still being supported) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29532
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%