Out-of-bounds read in TensorFlow - CVE-2021-29570

 

Published: May 13, 2021 / Updated: May 4, 2026


Vulnerability identifier: #VU129323
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-29570
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: TensorFlow
Software vendor: TensorFlow

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to an out-of-bounds read in tf.raw_ops.MaxPoolGradWithArgmax when parsing specially crafted inputs. A remote attacker can supply specially crafted inputs to disclose sensitive information.

The implementation uses the same value to index two different arrays without guaranteeing that their sizes are identical.
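
The shared-index pattern described above, as a standalone C++ model (an added example, not TensorFlow's kernel code). The function names, the `grad`, `argmax` and `out_size` parameters and the scatter loop are assumptions chosen for illustration; the checked form rejects mismatched sizes before any element is read.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Simplified model (assumption, not TensorFlow source): scatter each gradient
// value grad[i] into the output slot named by argmax[i].

// Unchecked form, shown for contrast and never called here: the loop bound
// comes from `argmax`, yet the same `i` indexes `grad`. A shorter `grad`
// makes grad[i] read past its end (CWE-125).
std::vector<float> scatter_unchecked(const std::vector<float>& grad,
                                     const std::vector<std::int64_t>& argmax,
                                     std::size_t out_size) {
  std::vector<float> out(out_size, 0.0f);
  for (std::size_t i = 0; i < argmax.size(); ++i)
    out[static_cast<std::size_t>(argmax[i])] += grad[i];
  return out;
}

// Checked form: reject mismatched sizes up front, and validate every
// destination index before it is used. Returns false and leaves *out
// untouched on invalid input.
bool scatter_checked(const std::vector<float>& grad,
                     const std::vector<std::int64_t>& argmax,
                     std::size_t out_size, std::vector<float>* out) {
  if (grad.size() != argmax.size()) return false;  // one index, two arrays
  std::vector<float> result(out_size, 0.0f);
  for (std::size_t i = 0; i < argmax.size(); ++i) {
    const std::int64_t dst = argmax[i];
    if (dst < 0 || static_cast<std::uint64_t>(dst) >= out_size) return false;
    result[static_cast<std::size_t>(dst)] += grad[i];
  }
  out->swap(result);
  return true;
}

int main() {
  // Constructed sample input: two argmax entries but only one gradient value.
  std::vector<float> out;
  return scatter_checked({1.0f}, {0, 1}, 4, &out) ? 1 : 0;  // rejected -> 0
}
```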


Remediation

Install the security update from the vendor's website.
