CVE-2021-29605

CVSS 3.1 base score: 7.1 HIGH

📋 TL;DR

This CVE describes an integer overflow in the memory allocation path of TensorFlow's TFLite interpreter (GHSA-jf7h-7m85-w2v2). A crafted model can declare tensor shapes whose byte-size computation wraps around, so the interpreter allocates a buffer that is too small for the data it later writes into it. The result is at least a crash and, in the worst case, heap corruption that an attacker can try to turn into code execution. Every deployment that runs TFLite inference on models from untrusted sources is affected.
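The bug class behind this advisory, shown as an added stand-alone C illustration (this is not TensorFlow's code; the function names, the shapes and the element size are constructed for the demo). The element count is multiplied up dimension by dimension with an overflow check, but the final multiply by the element size is not checked, so a shape can be chosen whose element count fits in 64 bits while its byte size wraps to zero. The hardened variant checks every multiply and rejects the shape before anything is allocated.

```c
/*
 * Added illustration of the integer-overflow class behind CVE-2021-29605.
 * Hypothetical stand-alone model of a tensor size computation; not
 * TensorFlow's code. Names, shapes and element sizes are constructed.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Stands in for size_t on a 64-bit build so the wrap point is fixed. */
typedef uint64_t usize;

/* Multiply a*b into *out, reporting false if the product would wrap. */
static bool mul_overflow_checked(usize a, usize b, usize *out)
{
    if (a != 0 && b > UINT64_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/*
 * Vulnerable pattern: the per-dimension element count is overflow-checked,
 * but the final count * elem_size multiply is not. A shape whose element
 * count fits in 64 bits but whose byte size does not makes *bytes wrap to a
 * small value (0 below); an allocator then returns a buffer far smaller than
 * the data later copied into it.
 * Returns 0 on success, -1 if a dimension is negative or the count overflows.
 */
int bytes_required_unchecked(const int *dims, size_t ndims,
                             usize elem_size, usize *bytes)
{
    usize count = 1;
    for (size_t k = 0; k < ndims; k++) {
        if (dims[k] < 0)
            return -1;
        if (!mul_overflow_checked(count, (usize)dims[k], &count))
            return -1;
    }
    *bytes = elem_size * count;          /* silent wrap-around */
    return 0;
}

/* Hardened form: every multiply in the size computation is checked. */
int bytes_required_checked(const int *dims, size_t ndims,
                           usize elem_size, usize *bytes)
{
    usize count = 1;
    for (size_t k = 0; k < ndims; k++) {
        if (dims[k] < 0)
            return -1;
        if (!mul_overflow_checked(count, (usize)dims[k], &count))
            return -1;
    }
    if (!mul_overflow_checked(elem_size, count, bytes))
        return -1;                       /* reject before any allocation */
    return 0;
}

/* Constructed shapes: a plausible image tensor and a malicious one. */
static const int benign_dims[]    = {1, 224, 224, 3};
/* 2^30 * 2^30 * 4 = 2^62 elements fits in 64 bits; * 4 bytes = 2^64 wraps. */
static const int malicious_dims[] = {1 << 30, 1 << 30, 4};
#define FLOAT32_BYTES 4u

int main(void)
{
    usize n = 0;
    int rc = bytes_required_unchecked(benign_dims, 4, FLOAT32_BYTES, &n);
    printf("benign:    rc=%d bytes=%llu\n", rc, (unsigned long long)n);
    rc = bytes_required_unchecked(malicious_dims, 3, FLOAT32_BYTES, &n);
    printf("unchecked: rc=%d bytes=%llu (wrapped)\n", rc, (unsigned long long)n);
    rc = bytes_required_checked(malicious_dims, 3, FLOAT32_BYTES, &n);
    printf("checked:   rc=%d (rejected)\n", rc);
    return 0;
}
```

The benign 1x224x224x3 float32 shape yields 602112 bytes from both variants. The malicious shape passes the element-count check in the unchecked variant and comes back as a 0-byte allocation with a success status, which is exactly what a size check that stops one multiply too early lets through; the checked variant returns an error instead. Any pre-load validator you write for TFLite models has to recompute sizes this way, since a file-size or schema check will not notice the wrap.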

💻 Affected Systems

Products:
  • TensorFlow
Versions: TensorFlow 2.1.0 through 2.1.3, 2.2.0 through 2.2.2, 2.3.0 through 2.3.2, and 2.4.0 through 2.4.1 (everything before the patched releases 2.1.4, 2.2.3, 2.3.3, 2.4.2 and 2.5.0)
Operating Systems: All platforms running TensorFlow
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the TFLite interpreter and is reached when a model is loaded and its tensors are allocated; the rest of TensorFlow is not involved. TensorFlow Serving deployments and any other inference system that embeds the TFLite interpreter are affected, including users of the standalone tflite-runtime wheel, which is built from the same TFLite sources.

📦 What is this software?

TensorFlow is Google's open-source machine learning framework. TFLite (TensorFlow Lite) is its lightweight runtime for running trained models on mobile, embedded and edge devices; models are shipped as FlatBuffer files (.tflite) that the interpreter parses and allocates tensors for at load time.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through heap corruption, allowing an attacker to take control of the TensorFlow process.

🟠 Likely Case: Denial of service through application crash when processing malicious models.

🟢 If Mitigated: Limited impact if models come only from trusted sources and are validated before they are loaded.

🌐 Internet-Facing: HIGH - TensorFlow services accepting user-uploaded models are directly exploitable.
🏢 Internal Only: MEDIUM - Internal ML pipelines could be compromised via supply chain attacks or malicious insiders.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes, wherever a service loads attacker-supplied models without authentication
Complexity: MEDIUM

Exploitation requires crafting a TFLite model file whose declared tensor shapes trigger the overflow; no network or user interaction is needed beyond getting the model loaded. No public exploits have been released.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: TensorFlow 2.5.0, 2.4.2, 2.3.3, 2.2.3, 2.1.4

Vendor Advisory: https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jf7h-7m85-w2v2

Restart Required: Yes

Instructions:

1. Identify your TensorFlow version.
2. Upgrade to a patched version, for example pip install tensorflow==2.5.0, or the backport for your series: pip install 'tensorflow>=2.4.2,<2.5' (likewise 2.3.3, 2.2.3, 2.1.4). If you deploy the standalone tflite-runtime wheel, upgrade it to a patched release as well.
3. Restart all TensorFlow services and applications so the running interpreter picks up the new code.

🔧 Temporary Workarounds

Model Validation (all platforms)

Implement strict validation of TFLite model files before processing. File-size and schema checks alone do not catch this bug: a validator has to recompute each tensor's byte size from its declared shape and element type with overflow-checked arithmetic and reject any model where the size wraps.

Sandbox Execution (linux)

Run TensorFlow inference in isolated containers with limited privileges, so a crash or code execution in the interpreter stays contained:

docker run --rm --read-only --tmpfs /tmp --cap-drop=ALL --security-opt=no-new-privileges --user 65534:65534 --memory=2g --pids-limit=256 tensorflow-container

--tmpfs /tmp keeps a read-only root filesystem usable for scratch files, --user drops root, and the memory and PID limits bound what a malformed model can consume.

🧯 If You Can't Patch

  • Restrict TFLite model sources to trusted repositories only
  • Implement network segmentation to isolate TensorFlow services from critical systems

🔍 How to Verify

Check Version:

python -c 'import tensorflow as tf; print(tf.__version__)'

For the standalone wheel: pip show tflite-runtime

Check if Vulnerable:

You are vulnerable if the reported version is below the patched release for its series: 2.1.x below 2.1.4, 2.2.x below 2.2.3, 2.3.x below 2.3.3, 2.4.x below 2.4.2, or any 2.5.0 pre-release.

Verify Fix Applied:

Verify the version is 2.5.0 or a patched backport (2.4.2, 2.3.3, 2.2.3, 2.1.4) in every environment that loads models, including container images and edge devices, not only the build host.

📡 Detection & Monitoring

Log Indicators:

  • TensorFlow process crashes
  • Memory allocation failures in TFLite
  • Invalid pointer dereference errors

Network Indicators:

  • Unexpected TFLite model uploads to inference endpoints
  • Abnormal model file sizes

SIEM Query (illustrative; map source and event to your log schema):

source="tensorflow" AND (event="crash" OR event="segfault")

These indicators are generic crash signals, not a signature for this CVE; correlate them with the model that was being loaded at the time.

🔗 References

  • https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jf7h-7m85-w2v2
  • https://nvd.nist.gov/vuln/detail/CVE-2021-29605