CVE-2021-29567: TensorFlow is an end-to-end open source platform for machine learning. Due to lack of validation in `tf.raw_ops.SparseDe
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.SparseDenseCwiseMul` function that lacks proper validation of input dimensions. An attacker can exploit this to cause denial of service (program crashes through failed checks) or write to memory locations outside the bounds of allocated buffers (heap overflow, unintended memory access).
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29567
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%