{"data":{"id":"07d1f29b-b993-491c-9559-2ba9ce4ee2dd","title":"CVE-2021-37643: TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value ","summary":"TensorFlow has a vulnerability where the MatrixDiagPartOp function doesn't check if input data exists before reading from it, causing either a null pointer dereference (a crash from accessing memory that doesn't exist) or incorrect behavior that ignores most of the data. This happens when users don't provide valid padding values to this operation.","solution":"The issue was patched in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, 2.4.3, and 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37643","publishedAt":"2021-08-12T23:15:08.873Z","cveId":"CVE-2021-37643","cweIds":["CWE-476"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00012,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}