{"data":{"id":"5b5a04cf-e2f8-4a8b-a863-6eb38d949d11","title":"CVE-2021-37663: TensorFlow is an end-to-end open source platform for machine learning. In affected versions, incomplete validation in `tf.raw_ops.QuantizeV2` allows crashes or reads from invalid memory","summary":"TensorFlow, a machine learning platform, has a vulnerability in its `tf.raw_ops.QuantizeV2` function where incomplete validation (checking that inputs meet requirements) allows attackers to cause crashes or read data from invalid memory locations. The vulnerability occurs because the code doesn't properly verify that input parameters have matching sizes and are within valid ranges.","solution":"The issue has been patched in GitHub commit 6da6620efad397c85493b8f8667b821403516708. The fix will be included in TensorFlow 2.6.0 and has also been backported (adapted for older versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37663","publishedAt":"2021-08-13T03:15:07.233Z","cveId":"CVE-2021-37663","cweIds":["CWE-20"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00013,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}