CVE-2021-29536: TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow in `
lowvulnerability
security
Summary
TensorFlow, a machine learning platform, has a heap buffer overflow vulnerability (a memory safety bug where code writes beyond allocated memory) in the `QuantizedReshape` function. The vulnerability occurs when an attacker passes empty tensors (multi-dimensional arrays) as threshold inputs, causing the code to incorrectly access memory at position 0 of an empty buffer.
Solution / Mitigation
The fix will be included in TensorFlow 2.5.0. The vulnerability will also be patched in TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3, and TensorFlow 2.1.4.
Vulnerability Details
CVSS Score
2.5(low)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Type
Other
Attack SophisticationModerate
Impact (CIA+S)
integrityavailability
Affected Vendors
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-29536
First tracked: February 15, 2026 at 08:38 PM
Classified by LLM (prompt v3) · confidence: 95%