CVE-2021-29568: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by bin
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in the `ParameterizedTruncatedNormal` function where attackers can cause undefined behavior (unpredictable program crashes or corruption) by passing an empty array as input, because the code doesn't check if the input is valid before trying to access its first element. This flaw affects multiple versions of the software.
Solution / Mitigation
Update to TensorFlow 2.5.0 or later. If you use an earlier version, update to one of these patched releases: TensorFlow 2.4.2, 2.3.3, 2.2.3, or 2.1.4.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29568
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%