Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-48r2-gbks-v7eu
Vulnerability ID VCID-48r2-gbks-v7eu
Aliases BIT-tensorflow-2021-29542
CVE-2021-29542
GHSA-4hrh-9vmp-2jgg
PYSEC-2021-179
PYSEC-2021-470
PYSEC-2021-668
Summary multiple issues
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-131 Incorrect Calculation of Buffer Size
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2021-29542
epss 0.0001 https://api.first.org/data/v1/epss?cve=CVE-2021-29542
cvssv3.1_qr LOW https://github.com/advisories/GHSA-4hrh-9vmp-2jgg
cvssv3.1 2.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
cvssv4 2.0 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
generic_textual LOW https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
cvssv3.1 2.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
cvssv4 2.0 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
generic_textual LOW https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
cvssv3.1 2.5 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
cvssv4 2.0 https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
generic_textual LOW https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
cvssv3.1 2.5 https://github.com/tensorflow/tensorflow
cvssv4 2.0 https://github.com/tensorflow/tensorflow
generic_textual LOW https://github.com/tensorflow/tensorflow
cvssv3.1 2.5 https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
cvssv4 2.0 https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
generic_textual LOW https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
cvssv3.1 2.5 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
cvssv3.1_qr LOW https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
cvssv4 2.0 https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
generic_textual LOW https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
cvssv3.1 2.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29542
cvssv4 2.0 https://nvd.nist.gov/vuln/detail/CVE-2021-29542
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2021-29542
archlinux Critical https://security.archlinux.org/AVG-1962
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2021-29542
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
https://github.com/tensorflow/tensorflow
https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
https://nvd.nist.gov/vuln/detail/CVE-2021-29542
AVG-1962 https://security.archlinux.org/AVG-1962
GHSA-4hrh-9vmp-2jgg https://github.com/advisories/GHSA-4hrh-9vmp-2jgg
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-470.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-668.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-179.yaml
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/commit/ba424dd8f16f7110eea526a8086f1a155f14f22b
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4hrh-9vmp-2jgg
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29542
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-29542
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.01214
EPSS Score 0.0001
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T19:56:08.960889+00:00 Arch Linux Importer Import https://security.archlinux.org/AVG-1962 38.6.0