AI Threat Alert
DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-29572 | TensorFlow: null ptr deref crashes SdcaOptimizer op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29573 | TensorFlow: div-by-zero in MaxPoolGrad op causes DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-29574 | TensorFlow: null ptr deref in MaxPool3DGradGrad ops | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29575 | TensorFlow: stack overflow DoS in ReverseSequence op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29580 | TensorFlow: DoS via empty tensor in FractionalMaxPoolGrad | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29581 | TensorFlow: DoS via null buffer in CTCBeamSearchDecoder | tensorflow | 5.5 |
| HIGH | CVE-2021-29583 | TensorFlow: heap overflow in FusedBatchNorm risks RCE | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29584 | TensorFlow: integer overflow DoS in SparseSplit op | tensorflow | 5.5 |
| HIGH | CVE-2021-29585 | TensorFlow TFLite: divide-by-zero crashes ML inference | tensorflow | 7.8 |
| HIGH | CVE-2021-29586 | TFLite: div-by-zero in pooling crashes inference engine | tensorflow | 7.8 |
| HIGH | CVE-2021-29587 | TensorFlow TFLite: divide-by-zero via crafted model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29588 | TensorFlow Lite: DoS/RCE via crafted model stride=0 | tensorflow | 7.8 |
| HIGH | CVE-2021-29589 | TFLite GatherNd: divide-by-zero crashes inference runtime | tensorflow | 7.8 |
| HIGH | CVE-2021-29590 | TensorFlow TFLite: OOB read via empty tensor in Min/Max ops | tensorflow | 7.1 |
| HIGH | CVE-2021-29591 | TFLite: crafted model causes infinite loop / stack overflow | tensorflow | 7.8 |
| HIGH | CVE-2021-29592 | TensorFlow Lite: null-ptr deref in Reshape via 1D tensor | tensorflow | 7.8 |
| HIGH | CVE-2021-29593 | TensorFlow TFLite: div-by-zero via crafted model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29594 | TFLite: divide-by-zero in conv allows code execution | tensorflow | 7.8 |
| HIGH | CVE-2021-29595 | TensorFlow TFLite: crash/RCE via malicious model file | tensorflow | 7.8 |
| HIGH | CVE-2021-29596 | TensorFlow TFLite: div-by-zero in EmbeddingLookup op | tensorflow | 7.8 |