CVE-2021-29560: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `
Summary
TensorFlow, a machine learning platform, has a vulnerability where an attacker can cause a heap buffer overflow (memory corruption from writing past allocated memory limits) in the RaggedTensorToTensor function by providing specially crafted input shapes. The bug occurs because the code uses the same index to access two different arrays, and if one array is shorter than the other, it reads or writes to invalid memory locations.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. Additionally, the commit fixing this issue will be cherry-picked (applied as a backport) to TensorFlow 2.4.2, 2.3.3, 2.2.3, and 2.1.4, which are all affected and still in the supported range.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29560
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%