AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-29586: TensorFlow is an end-to-end open source platform for machine learning. Optimized pooling implementations in TFLite fail

lowvulnerability

security

Source: NVD/CVE DatabaseMay 14, 2021CVE-2021-29586

Summary

TensorFlow's pooling code (the part that downsamples data in neural networks) has a bug where it doesn't check if stride values, which control how much data to skip, are zero before doing math with them. An attacker can create a special machine learning model that forces stride to be zero, causing a division by zero error (dividing by zero, which crashes programs) that could crash or be exploited.

Solution / Mitigation

The fix will be included in TensorFlow 2.5.0. It will also be added to TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4, as these versions are affected and still supported.

Vulnerability Details

CVSS Score

2.5(low)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

DoS

Attack SophisticationTrivial

Impact (CIA+S)

availability

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-369

Affected Vendors

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Similar attackNVD/CVE Database

low

CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%