CVE-2021-29570: TensorFlow is an end-to-end open source platform for machine learning. The implementation of `tf.raw_ops.MaxPoolGradWith
Summary
A vulnerability in TensorFlow (an open source machine learning platform) called CVE-2021-29570 affects the `tf.raw_ops.MaxPoolGradWithArgmax` function, which can read outside the bounds of allocated memory (a heap overflow) if an attacker provides specially designed inputs. The bug occurs because the code uses the same value to look up data in two different arrays without checking that both arrays are the same size.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. It will also be applied to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, which are still in the supported range.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29570
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 92%