{"data":{"id":"33db4086-650c-474e-a3a7-72b94fc21a7f","title":"CVE-2021-41201: TensorFlow is an open source platform for machine learning. In affeced versions during execution, `EinsumHelper::ParseEq","summary":"TensorFlow, an open source machine learning platform, has a bug in the `EinsumHelper::ParseEquation()` function where it fails to properly initialize certain flags (variables that track whether ellipsis notation is used in inputs and outputs). The function only sets these flags to true but never to false, which can cause the program to read uninitialized memory (garbage values) if code calling this function assumes the flags are always set correctly.","solution":"The fix will be included in TensorFlow 2.7.0. The fix will also be backported (cherry-picked) to TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-41201","publishedAt":"2021-11-06T00:15:08.097Z","cveId":"CVE-2021-41201","cweIds":["CWE-824","CWE-824"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00022,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}