CVE-2021-29612: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in
Summary
TensorFlow has a vulnerability (CVE-2021-29612) where a specific operation called `tf.raw_ops.BandedTriangularSolve` can be tricked into accessing memory it shouldn't (a heap buffer overflow, where an attacker reads or writes beyond the intended memory boundaries). The bug happens because the code doesn't properly check if input data is empty, and it doesn't verify that earlier validation checks actually succeeded before continuing to process the data.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be backported (applied to earlier versions) in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
3.6(low)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29612
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%