{"data":{"id":"419b3412-0654-4585-a746-3db1b6151f14","title":"CVE-2021-37652: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.r","summary":"TensorFlow, a machine learning platform, has a use-after-free vulnerability (a bug where freed memory is accessed again) in the `tf.raw_ops.BoostedTreesCreateEnsemble` function that attackers can trigger with specially crafted input. The issue stems from refactoring that changed a resource from a naked pointer (basic memory reference) to a smart pointer (automatic memory management), causing the resource to be freed twice and its members to be accessed during cleanup after it's already been deallocated.","solution":"The issue was patched in GitHub commit 5ecec9c6fbdbc6be03295685190a45e7eee726ab. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37652","publishedAt":"2021-08-13T02:15:08.130Z","cveId":"CVE-2021-37652","cweIds":["CWE-416","CWE-415"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00016,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-233"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}