CVE-2021-29512: TensorFlow is an end-to-end open source platform for machine learning. If the `splits` argument of `RaggedBincount` does
Summary
TensorFlow, an open-source machine learning platform, has a vulnerability in its `RaggedBincount` operation where improper validation of the `splits` argument can allow an attacker to trigger a heap buffer overflow (reading memory outside the intended bounds). An attacker could craft malicious input that causes the code to read from invalid memory locations, potentially leading to crashes or information disclosure.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2 and TensorFlow 2.3.3.
Vulnerability Details
2.5(low)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29512
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 92%