AI Threat Alert
DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2021-37653 | TensorFlow: DoS via divide-by-zero in ResourceGather op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37660 | TensorFlow: DoS via divide-by-zero in inplace ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37637 | TensorFlow: null ptr dereference in CompressElement (DoS) | tensorflow | 5.5 |
| HIGH | CVE-2021-37638 | TensorFlow: null ptr deref in RaggedTensorToTensor op | tensorflow | 7.8 |
| HIGH | CVE-2021-37643 | TensorFlow: null deref in MatrixDiagPartOp, DoS risk | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37647 | TensorFlow: null deref in SparseTensor ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37649 | TensorFlow: null ptr deref crashes inference via bad tensor | tensorflow | 5.5 |
| HIGH | CVE-2021-37635 | TensorFlow: heap OOB read in sparse reduction ops | tensorflow | 7.1 |
| HIGH | CVE-2021-37641 | TensorFlow: RaggedGather OOB read - heap leak + DoS | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37644 | TensorFlow: DoS via negative TensorListReserve input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37645 | TensorFlow: integer overflow in quantize grad causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37646 | TensorFlow: StringNGrams integer overflow triggers DoS | tensorflow | 5.5 |
| HIGH | CVE-2021-37650 | TensorFlow: heap overflow in DatasetToTFRecord ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37651 | TensorFlow: heap OOB r/w in FractionalAvgPoolGrad op | tensorflow | 7.8 |
| HIGH | CVE-2021-37654 | TensorFlow: OOB read/crash via ResourceGather batch_dims | tensorflow | 7.1 |
| HIGH | CVE-2021-37656 | TensorFlow: null ptr deref in RaggedTensorToSparse op | tensorflow | 7.8 |
| HIGH | CVE-2021-37657 | TensorFlow: null ptr deref in MatrixDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37658 | TensorFlow: null ptr deref in MatrixSetDiagV ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37659 | TensorFlow: heap OOB in cwise ops enables local RCE | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37661 | TensorFlow: integer sign conversion DoS in boosted trees | tensorflow | 5.5 |