CVE-2021-29580: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.FractionalMaxPo
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in the `tf.raw_ops.FractionalMaxPoolGrad` function that can crash the program when given empty input tensors (arrays of data with no elements). The bug occurs because the code doesn't properly check that input and output tensors are valid before processing them, which can be exploited to cause a denial of service attack (making the system unavailable).
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The patch will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are still supported.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29580
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%