{"data":{"id":"62142655-df27-4419-ba41-083151d53845","title":"CVE-2021-37647: TensorFlow is an end-to-end open source platform for machine learning. When a user does not supply arguments that determ","summary":"TensorFlow (an open source platform for machine learning) has a vulnerability where the `tf.raw_ops.SparseTensorSliceDataset` function can crash by trying to access memory that doesn't exist (null pointer dereference) when a user provides incomplete arguments for a sparse tensor (a data structure optimized for data with many zero values). The bug occurs because the code doesn't properly validate the case when one part of the sparse tensor is empty but the other part is provided.","solution":"The issue has been patched in GitHub commit 02cc160e29d20631de3859c6653184e3f876b9d7. The fix will be included in TensorFlow 2.6.0, and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37647","publishedAt":"2021-08-12T23:15:08.963Z","cveId":"CVE-2021-37647","cweIds":["CWE-476"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00044,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}