CVE-2021-29571: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.MaxPoolGradWithArgmax` function where attackers can provide specially crafted input data to read and write outside the bounds of heap-allocated memory (memory areas assigned during program execution), potentially causing memory corruption. The issue occurs because the code assumes the last element of the `boxes` input is 4 without checking it first, so attackers can pass smaller values to access memory they shouldn't.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0 and will also be backported (copied to earlier versions still being supported) in TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4.
Vulnerability Details
4.5(medium)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29571
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%