AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41205: TensorFlow is an open source platform for machine learning. In affected versions the shape inference functions for the `

highvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41205

Summary

TensorFlow, an open source platform for machine learning, has a vulnerability in its shape inference functions for `QuantizeAndDequantizeV*` operations that can cause the program to read data outside the bounds of allocated memory (an out-of-bounds read, which is a memory safety error). This affects multiple versions of TensorFlow.

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. The patch will also be applied to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these versions are affected and still supported.

Vulnerability Details

CVSS Score

7.1(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-125 CWE-125

CAPEC (Attack Pattern)

CAPEC-540

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41205

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 95%