{"data":{"id":"479c1e90-b3c6-4534-9891-910ae2546339","title":"CVE-2021-37662: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can generate und","summary":"TensorFlow, an open-source platform for machine learning, has a vulnerability in two functions (BoostedTreesCalculateBestGainsPerFeature and BoostedTreesCalculateBestFeatureSplitV2) where attackers can cause undefined behavior (unpredictable program crashes or errors) by exploiting missing input validation that fails to check for null references (empty pointers). The issue allows attackers to trigger these crashes through specially crafted inputs.","solution":"The fix is included in TensorFlow 2.6.0 and will be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4. Users should update to one of these patched versions.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37662","publishedAt":"2021-08-13T01:15:08.967Z","cveId":"CVE-2021-37662","cweIds":["CWE-824"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}