How severe is CVE-2021-29615?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2021-29615?

This is classified as CWE-674, which is a common weakness in software security.

CVE-2021-29615 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. The implementation of `ParseAttrValue`(https://github.com/tensorflow/tensorflow/blob/c22d88d6ff33031aa113e48aa3fc9aa74ed79595/tensorflow/core/framework/attr_value_util.cc#L397-L453) can be tricked into stack overflow due to recursion by giving in a specially crafted input. The fix will be included in TensorFlow 2.5.0. We will also cherrypick this commit on TensorFlow 2.4.2, TensorFlow 2.3.3, TensorFlow 2.2.3 and TensorFlow 2.1.4, as these are also affected and still in supported range.

Related Vulnerabilities

CVE-2017-0692

MEDIUM

CVSS:5.5(Medium)

A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407.

CWE-6742017

CVE-2017-7515

MEDIUM

CVSS:5.5(Medium)

poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting into potential denial-of-service.

CWE-6742017

CVE-2017-9616

MEDIUM

CVSS:5.5(Medium)

In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.

CWE-6742017

CVE-2017-9617

MEDIUM

CVSS:5.5(Medium)

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.

CWE-6742017

CVE-2018-11254

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode() function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a ...

CWE-6742018

CVE-2018-11597

MEDIUM

CVSS:5.5(Medium)

Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack e...

CWE-6742018