Out-of-bounds read in TensorFlow - CVE-2021-41210

 


Published: November 5, 2021 / Updated: May 3, 2026


Vulnerability identifier: #VU129201
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-41210
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: TensorFlow
Software vendor: TensorFlow

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in the shape inference functions for tf.raw_ops.SparseCountSparseOutput when parsing crafted input tensors. A remote attacker can supply a specially crafted indices input to disclose sensitive information.

The issue occurs because the function fails to check that the indices input has rank 2.
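
The missing rank check described above can also be enforced by a service before untrusted tensors reach the op. The following is an added example, not code from TensorFlow or from this advisory: the helper names `shape_of` and `check_sparse_inputs` are hypothetical, and the checks on `values` and `dense_shape` assume the usual sparse tensor layout (indices `[N, ndims]`, values `[N]`, dense_shape `[ndims]`), which the advisory does not state.

```python
# Added example, not TensorFlow code: validate sparse inputs before they
# reach tf.raw_ops.SparseCountSparseOutput. Helper names are hypothetical.

def shape_of(value):
    """Shape of a tensor-like object or nested list; rejects ragged lists."""
    if hasattr(value, "shape"):            # NumPy arrays, tf.Tensor
        return tuple(value.shape)
    if not isinstance(value, (list, tuple)):
        return ()                          # scalar, rank 0
    if not value:
        return (0,)
    inner = [shape_of(v) for v in value]
    if any(s != inner[0] for s in inner):
        raise ValueError("ragged input: elements have different shapes")
    return (len(value),) + inner[0]


def check_sparse_inputs(indices, values, dense_shape):
    """Return a list of problems; an empty list means the inputs are well formed."""
    try:
        idx, val, dns = shape_of(indices), shape_of(values), shape_of(dense_shape)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    # The check the advisory names as missing: indices must have rank 2.
    if len(idx) != 2:
        problems.append(f"indices has rank {len(idx)}, expected 2")
    # Assumed from the usual sparse layout (not stated on the page).
    if len(val) != 1:
        problems.append(f"values has rank {len(val)}, expected 1")
    if len(dns) != 1:
        problems.append(f"dense_shape has rank {len(dns)}, expected 1")
    if not problems:                       # cross-checks need valid ranks
        if idx[0] != val[0]:
            problems.append(f"indices has {idx[0]} rows but values has {val[0]} entries")
        if idx[1] != dns[0]:
            problems.append(f"indices has {idx[1]} columns but dense_shape has {dns[0]} entries")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: one well formed, one with rank-1 indices.
    print(check_sparse_inputs([[0, 0], [1, 2]], [1, 1], [2, 3]))
    print(check_sparse_inputs([0, 1], [1, 1], [2, 3]))
```

A guard like this is defense in depth for code that accepts tensors from untrusted callers; it does not replace the vendor update.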


Remediation

Install the security update from the vendor's website.
