{"data":{"id":"506c43a2-8dfd-493f-a5ad-15bc91a38858","title":"CVE-2021-37657: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi","summary":"TensorFlow, an open-source machine learning platform, has a vulnerability (CVE-2021-37657) where attackers can cause undefined behavior (unpredictable crashes or errors) by exploiting incomplete validation in matrix diagonal operations. The vulnerability occurs because the code doesn't check if the input tensor (a multi-dimensional array of data) is empty before trying to access its first element.","solution":"The issue was patched in GitHub commit f2a673bd34f0d64b8e40a551ac78989d16daad09. The fix is included in TensorFlow 2.6.0, and will also be available in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37657","publishedAt":"2021-08-13T01:15:08.567Z","cveId":"CVE-2021-37657","cweIds":["CWE-824"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00038,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}