AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-41202: TensorFlow is an open source platform for machine learning. In affected versions while calculating the size of the outpu

mediumvulnerability

security

Source: NVD/CVE DatabaseNovember 5, 2021CVE-2021-41202

Summary

TensorFlow, an open source platform for machine learning, has a bug in its `tf.range` function where a conditional statement mixes two different number types (int64, a large integer type, and double, a decimal number type). Due to how C++ automatically converts between these types, the calculation overflows (produces incorrect results that are too large to store). This causes the output size calculation to fail.

Solution / Mitigation

The fix will be included in TensorFlow 2.7.0. The fix will also be backported (applied to older versions still being supported) in TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-681

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-41202

First tracked: February 15, 2026 at 08:40 PM

Classified by LLM (prompt v3) · confidence: 92%