CVE-2021-29613: TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` all
Summary
TensorFlow (an open-source machine learning platform) has a vulnerability in its `tf.raw_ops.CTCLoss` function where incomplete validation (insufficient checking of input data) allows an attacker to trigger an OOB read from heap (accessing memory outside the intended boundaries). This is a memory safety issue that could crash the program or expose sensitive data.
Solution / Mitigation
The fix is included in TensorFlow 2.5.0. Users of earlier versions should update to: TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, or TensorFlow 2.1.4, as these versions contain cherrypicked patches (code changes applied to older versions) that address the vulnerability.
Vulnerability Details
6.3(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29613
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%