{"data":{"id":"02b78395-9a06-4d52-a10c-0216e50c707f","title":"CVE-2021-41220: TensorFlow is an open source platform for machine learning. In affected versions the async implementation of `Collective","summary":"TensorFlow, an open source platform for machine learning, had a memory leak and use-after-free bug (a mistake where the program tries to access data after it has already been deleted) in its `CollectiveReduceV2` function due to improper handling of asynchronous operations. The vulnerability was caused by objects being moved from memory while still being accessed elsewhere in the code.","solution":"The fix is included in TensorFlow 2.7.0, and the patch was also backported to TensorFlow 2.6.1, which was the only other affected version.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41220","publishedAt":"2021-11-06T03:15:08.350Z","cveId":"CVE-2021-41220","cweIds":["CWE-416"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00021,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-233"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}