CVE-2021-29610: TensorFlow is an end-to-end open source platform for machine learning. The validation in `tf.raw_ops.QuantizeAndDequanti
Summary
TensorFlow has a vulnerability in the `QuantizeAndDequantizeV2` function where incorrect validation of the `axis` parameter allows invalid values to pass through, potentially causing heap underflow (a memory safety error where data is accessed below allocated memory boundaries). This flaw could let attackers read or write to other data stored in the heap (the area of memory used for dynamic storage).
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0 and will be backported (cherry-picked) to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
3.6(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29610
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%