{"data":{"id":"55662900-0a12-4d9f-b8db-3fc4a278c3c5","title":"CVE-2021-37672: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from ou","summary":"TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can read data outside the intended memory bounds (a heap overflow, which is when a program accesses memory it shouldn't) by sending specially crafted invalid arguments to a function called tf.raw_ops.SdcaOptimizerV2. The vulnerability exists because the code doesn't verify that the length of input labels matches the number of examples being processed.","solution":"The issue has been patched in GitHub commit a4e138660270e7599793fa438cd7b2fc2ce215a6. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to older supported versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37672","publishedAt":"2021-08-13T03:15:07.787Z","cveId":"CVE-2021-37672","cweIds":["CWE-125"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00016,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}