AI Threat Alert
DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-29523 | TensorFlow: DoS via integer overflow in sparse ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29524 | TensorFlow: div-by-zero DoS in Conv2D backprop op | tensorflow | 5.5 |
| HIGH | CVE-2021-29525 | TensorFlow: div-by-zero DoS in Conv2DBackpropInput | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29526 | TensorFlow: Conv2D divide-by-zero crashes ML workloads | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29527 | TensorFlow: divide-by-zero DoS in QuantizedConv2D | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29528 | TensorFlow: DoS via division-by-zero in QuantizedMul | tensorflow | 5.5 |
| HIGH | CVE-2021-29530 | TensorFlow: null ptr deref in sparse Cholesky ops | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29531 | TensorFlow: DoS crash via empty tensor in PNG encoding | tensorflow | 5.5 |
| HIGH | CVE-2021-29532 | TensorFlow: heap OOB read via RaggedCross op | tensorflow | 7.1 |
| MEDIUM | CVE-2021-29533 | TensorFlow: DoS via empty image in DrawBoundingBoxes | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29534 | TensorFlow: DoS via CHECK-fail in SparseConcat op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29538 | TensorFlow: div-by-zero DoS in Conv2DBackpropFilter | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29539 | TensorFlow: type confusion in ImmutableConst causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29541 | TensorFlow: null ptr deref DoS in StringNGrams op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29542 | TensorFlow: StringNGrams heap overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29543 | TensorFlow: DoS via assertion fail in CTCGreedyDecoder | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29544 | TensorFlow: DoS via missing tensor rank validation | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29545 | TensorFlow: heap OOB write in sparse tensor DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-29546 | TensorFlow: div-by-zero in QuantizedBiasAdd, C/I/A high | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29547 | TensorFlow: OOB read DoS via empty tensor in QuantizedBatchNorm | tensorflow | 5.5 |