CVE-2021-29578: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalAvgPo
low · vulnerability · security
Summary
TensorFlow (an open-source machine learning platform) has a vulnerability in a function called `tf.raw_ops.FractionalAvgPoolGrad` that can cause a heap buffer overflow (a memory error where a program writes data beyond allocated space). The bug happens because the code doesn't properly check that input arguments have the correct size before processing them.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be backported (adapted and applied to older versions still receiving support) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
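A version check built from the fix list above, as an added example that is not part of the original advisory or of TensorFlow's own code. The function names are hypothetical, and treating pre-releases and release lines with no listed backport as unpatched is an assumption.

```python
import re
from importlib import metadata

# Patch level that carries the fix on each backported release line (from the advisory).
BACKPORTED = {(2, 1): 4, (2, 2): 3, (2, 3): 3, (2, 4): 2}
FIRST_FIXED = (2, 5, 0)  # first mainline release with the fix (from the advisory)


def parse_version(text):
    """Split '2.4.1', '2.5.0rc1' or '2.4.2+cpu' into ((major, minor, patch), is_prerelease)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)(.*)$", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    release = tuple(int(g) for g in m.group(1, 2, 3))
    prerelease = bool(re.match(r"[-._]?(a|b|rc|dev)", m.group(4).strip()))
    return release, prerelease


def has_fix(version):
    """True only when the advisory's fix list confirms this version is patched."""
    release, prerelease = parse_version(version)
    line = release[:2]
    if line in BACKPORTED:
        threshold = line + (BACKPORTED[line],)
    elif release >= FIRST_FIXED:
        threshold = FIRST_FIXED
    else:
        return False  # assumption: no backport listed for this line, so unpatched
    if release > threshold:
        return True
    # A pre-release of the fixed version itself is not confirmed to contain the fix.
    return release == threshold and not prerelease


def installed_status(names=("tensorflow", "tensorflow-cpu", "tensorflow-gpu")):
    """Map each installed TensorFlow distribution to (version, has_fix) without importing it."""
    status = {}
    for name in names:
        try:
            found = metadata.version(name)
        except metadata.PackageNotFoundError:
            continue
        status[name] = (found, has_fix(found))
    return status


if __name__ == "__main__":
    for name, (found, ok) in installed_status().items():
        print(f"{name} {found}: {'fix present' if ok else 'upgrade needed'}")
```

Reading the version from package metadata avoids importing TensorFlow, so the check can run in CI or on an inventory host against each virtual environment.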
Vulnerability Details
CVSS Score
2.5 (low)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Moderate
Impact (CIA+S)
integrity, availability
AI Component Targeted: Framework
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29578
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%