{"data":{"id":"20aa02d8-b850-4a62-bed9-f4d1a77b5047","title":"CVE-2021-37659: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable or unsafe program execution) by exploiting binary cwise operations (element-wise math operations between two arrays) that don't check if their inputs have the same size. This missing check allows the program to read from invalid memory locations and crash or behave unexpectedly.","solution":"The issue was patched in GitHub commit 93f428fd1768df147171ed674fee1fc5ab8309ec. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to earlier versions still receiving support) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37659","publishedAt":"2021-08-13T01:15:08.763Z","cveId":"CVE-2021-37659","cweIds":["CWE-125","CWE-476"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00051,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}