{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T11:48:55.406","vulnerabilities":[{"cve":{"id":"CVE-2021-29540","sourceIdentifier":"security-advisories@github.com","published":"2021-05-14T20:15:12.443","lastModified":"2024-11-21T06:01:20.413","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"TensorFlow is an end-to-end open source platform for machine learning. An attacker can cause a heap buffer overflow to occur in `Conv2DBackpropFilter`. This is because the implementation(https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L495-L497) computes the size of the filter tensor but does not validate that it matches the number of elements in `filter_sizes`. Later, when reading/writing to this buffer, code uses the value computed here, instead of the number of elements in the tensor. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range."},{"lang":"es","value":"TensorFlow es una plataforma de código abierto de extremo a extremo para el aprendizaje automático. Un atacante puede causar un desbordamiento del búfer de la pila que ocurra en la función \"Conv2DBackpropFilter\". Esto es debido a que la implementación (https://github.com/tensorflow/tensorflow/blob/1b0296c3b8dd9bd948f924aa8cd62f87dbb7c3da/tensorflow/core/kernels/conv_grad_filter_ops.cc#L495-L497) calcula el tamaño del tensor de filtro que coincide pero no comprueba el número de elementos en \"filter_sizes\". Más tarde, cuando leen y escriben este búfer, el código usa el valor calculado aquí, en lugar del número de elementos en el tensor. La corrección será incluida en TensorFlow versión 2.5.0. También seleccionaremos este commit en TensorFlow versión 2.4.2, TensorFlow versión 2.3.3, TensorFlow versión 2.2.3 y TensorFlow versión 2.1.4, ya que estos también están afectados y aún están en el rango compatible"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L","baseScore":2.5,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.0,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-120"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionEndExcluding":"2.1.4","matchCriteriaId":"323ABCCE-24EB-47CC-87F6-48C101477587"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.2.3","matchCriteriaId":"64ABA90C-0649-4BB0-89C9-83C14BBDCC0F"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.3.0","versionEndExcluding":"2.3.3","matchCriteriaId":"0F83E0CF-CBF6-4C24-8683-3E7A5DC95BA9"},{"vulnerable":true,"criteria":"cpe:2.3:a:google:tensorflow:*:*:*:*:*:*:*:*","versionStartIncluding":"2.4.0","versionEndExcluding":"2.4.2","matchCriteriaId":"8259531B-A8AC-4F8B-B60F-B69DE4767C03"}]}]}],"references":[{"url":"https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xgc3-m89p-vr3x","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/commit/c570e2ecfc822941335ad48f6e10df4e21f11c96","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xgc3-m89p-vr3x","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}