DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
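
The limits listed above, sketched as a single admission guard. This is an added example, not code from any of the projects named on this page; `AgentGuard`, `Rejected` and every default value are hypothetical, the circuit breaker is assumed to trip on call rate per tool, and wall-clock time limits are left out.

```python
import time
from collections import defaultdict

class Rejected(Exception):
    """Raised when a request or tool call violates a configured limit."""

class AgentGuard:  # hypothetical name; all default limits are illustrative
    def __init__(self, max_request_tokens=4096, tenant_quota=20_000, max_depth=3,
                 max_calls=5, window=10.0, cooldown=30.0, clock=time.monotonic):
        self.max_request_tokens = max_request_tokens
        self.tenant_quota = tenant_quota
        self.max_depth = max_depth
        self.max_calls, self.window, self.cooldown = max_calls, window, cooldown
        self.clock = clock                 # injectable so tests can control time
        self.spent = defaultdict(int)      # tenant -> tokens charged so far
        self.calls = defaultdict(list)     # tool -> timestamps of recent calls
        self.open_until = {}               # tool -> time the breaker closes again

    def admit(self, tenant, tokens, depth=0):
        """Check limits before any inference runs; charge the tenant on success."""
        if tokens > self.max_request_tokens:
            raise Rejected("per-request token limit")
        if depth > self.max_depth:
            raise Rejected("agent recursion depth limit")
        if self.spent[tenant] + tokens > self.tenant_quota:
            raise Rejected("tenant budget exhausted")
        self.spent[tenant] += tokens

    def call_tool(self, name, fn, *args):
        """Run a tool unless it has been invoked too often within the window."""
        now = self.clock()
        if now < self.open_until.get(name, 0.0):
            raise Rejected("circuit open for tool " + name)
        recent = [t for t in self.calls[name] if now - t < self.window]
        if len(recent) >= self.max_calls:
            # A looping agent hits this branch: stop the fan-out for a cooldown.
            self.open_until[name] = now + self.cooldown
            self.calls[name] = []
            raise Rejected("circuit tripped for tool " + name)
        recent.append(now)
        self.calls[name] = recent
        return fn(*args)
```

Each nested agent step calls `admit` with `depth + 1`, so a self-invoking prompt is refused at the depth limit before it spends further tenant budget.
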
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2021-37682 | TFLite: uninitialized quant params corrupt inference | tensorflow | 7.1 |
| MEDIUM | CVE-2021-37683 | TFLite: division by zero DoS in inference kernels | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37684 | TensorFlow TFLite: DoS via division by zero in pooling | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37691 | TensorFlow TFLite: DoS via crafted model in LSH kernel | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37692 | TensorFlow: string tensor GC segfault causes process DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-37690 | TensorFlow: use-after-free crashes training processes | tensorflow | 6.6 |
| MEDIUM | CVE-2021-41195 | TensorFlow: integer overflow in segment ops causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41196 | TensorFlow: integer underflow crashes Keras pooling layers | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41197 | TensorFlow: integer overflow in tensor dims causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41198 | TensorFlow: tf.tile integer overflow crashes ML process | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41199 | TensorFlow: tf.image.resize integer overflow DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41200 | TensorFlow: DoS crash in tf.summary file writer | tensorflow | 5.5 |
| HIGH | CVE-2021-41210 | TensorFlow: heap OOB read in SparseCountSparseOutput | tensorflow | 7.1 |
| HIGH | CVE-2021-41203 | TensorFlow: malformed checkpoint triggers overflow/crash | tensorflow | 7.8 |
| MEDIUM | CVE-2021-41204 | TensorFlow: DoS via Grappler constant folding segfault | tensorflow | 5.5 |
| HIGH | CVE-2021-41205 | TensorFlow: heap OOB read in quantize ops, DoS+leak | tensorflow | 7.1 |
| HIGH | CVE-2021-41211 | TensorFlow: heap OOB read in QuantizeV2 shape inference | tensorflow | 7.1 |
| HIGH | CVE-2021-41212 | TensorFlow: heap OOB read in ragged.cross shape inference | tensorflow | 7.1 |
| MEDIUM | CVE-2021-41215 | TensorFlow: DeserializeSparse null deref causes DoS | tensorflow | 5.5 |
| MEDIUM | CVE-2021-41217 | TensorFlow: null pointer crash in control flow graph | tensorflow | 5.5 |