AI Threat Alert
DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-29597 | TensorFlow TFLite: div-by-zero crash via crafted model | tensorflow | 7.8 |
| HIGH | CVE-2021-29598 | TensorFlow TFLite: SVDF div-by-zero enables RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-29599 | TFLite Split: malicious model triggers div-by-zero (DoS/RCE) | tensorflow | 7.8 |
| HIGH | CVE-2021-29600 | TensorFlow TFLite: div-by-zero via crafted OneHot model | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29602 | TensorFlow TFLite: DepthwiseConv division-by-zero DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29604 | TFLite: DoS via division by zero in hashtable lookup | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29605 | TFLite: integer overflow DoS via crafted model file | tensorflow | 5.5 |
| HIGH | CVE-2021-29607 | TensorFlow: heap OOB write in SparseAdd op | tensorflow | 7.8 |
| HIGH | CVE-2021-29609 | TensorFlow: SparseAdd heap OOB write and null deref | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29611 | TensorFlow: DoS via SparseReshape invalid tensor input | tensorflow | 5.5 |
| HIGH | CVE-2021-29613 | TensorFlow: CTCLoss heap OOB read, info leak + crash | tensorflow | 7.1 |
| HIGH | CVE-2021-29614 | TensorFlow: OOB write in decode_raw crashes interpreter | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29615 | TensorFlow: uncontrolled recursion DoS in ParseAttrValue | tensorflow | 5.5 |
| HIGH | CVE-2021-29616 | TensorFlow: null ptr deref in graph optimizer | tensorflow | 7.8 |
| MEDIUM | CVE-2021-29617 | TensorFlow: DoS via CHECK-fail in strings.substr | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29618 | TensorFlow: DoS crash via tf.transpose complex+conjugate | tensorflow | 5.5 |
| MEDIUM | CVE-2021-29619 | TensorFlow: DoS via invalid SparseCount op args | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37636 | TensorFlow: div-by-zero DoS in SparseDenseCwiseDiv op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37640 | TensorFlow: SparseReshape div-by-zero crashes ML pipelines | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37642 | TensorFlow: ResourceScatterDiv div-by-zero enables DoS | tensorflow | 5.5 |