AI Threat Alert
DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-37662 | TensorFlow: null deref in BoostedTrees training ops | tensorflow | 7.8 |
| HIGH | CVE-2021-37664 | TensorFlow: heap OOB read in BoostedTrees ops | tensorflow | 7.1 |
| HIGH | CVE-2021-37648 | TensorFlow SaveV2: null ptr deref, local crash/RCE | tensorflow | 7.8 |
| HIGH | CVE-2021-37666 | TensorFlow: null-ptr deref in RaggedTensorToVariant op | tensorflow | 7.8 |
| HIGH | CVE-2021-37667 | TensorFlow: UnicodeEncode null deref, local code exec | tensorflow | 7.8 |
| HIGH | CVE-2021-37671 | TensorFlow: null-ptr deref in Map ops, local C/I/A:High | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37675 | TensorFlow: DoS via division by zero in conv ops | tensorflow | 5.5 |
| HIGH | CVE-2021-37676 | TensorFlow: null ptr deref in SparseFillEmptyRows op | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37680 | TFLite: division by zero crashes fully connected layers | tensorflow | 5.5 |
| HIGH | CVE-2021-37681 | TensorFlow Lite: null ptr deref crashes SVDF inference | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37686 | TFLite: infinite loop DoS via crafted strided slice model | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37688 | TensorFlow Lite: DoS via crafted TFLite model file | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37689 | TensorFlow Lite: MLIR null ptr deref crashes inference | tensorflow | 5.5 |
| HIGH | CVE-2021-37663 | TensorFlow: QuantizeV2 heap OOB/null-deref in quantization | tensorflow | 7.8 |
| HIGH | CVE-2021-37665 | TensorFlow MKL: null-ptr/heap-OOB in requantization ops | tensorflow | 7.8 |
| MEDIUM | CVE-2021-37668 | TensorFlow: DoS via div-by-zero in UnravelIndex op | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37669 | TensorFlow: integer conversion DoS in NonMaxSuppression ops | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37673 | TensorFlow: MapStage CHECK-fail causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37674 | TensorFlow: DoS via MaxPoolGrad invalid tensor input | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37677 | TensorFlow: DoS via invalid Dequantize axis argument | tensorflow | 5.5 |