{"data":{"id":"1a49d769-1769-471d-97a3-7f637428d556","title":"CVE-2021-41216: TensorFlow is an open source platform for machine learning. In affected versions the shape inference function for `Trans","summary":"TensorFlow (an open source platform for machine learning) contains a vulnerability in its shape inference function for the `Transpose` operation where negative values in the `perm` parameter can cause a heap buffer overflow (writing data outside the intended memory boundaries). The issue stems from insufficient validation of the indices in `perm` before they are processed.","solution":"The fix will be included in TensorFlow 2.7.0. Users of affected versions should upgrade to TensorFlow 2.7.0 or the patched versions: TensorFlow 2.6.1, TensorFlow 2.5.2, or TensorFlow 2.4.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41216","publishedAt":"2021-11-06T03:15:08.287Z","cveId":"CVE-2021-41216","cweIds":["CWE-120","CWE-787"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.0002,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-100"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}