{"data":{"id":"69ce4e2f-52e5-495f-a2f9-625db2104f4a","title":"CVE-2021-37639: TensorFlow is an end-to-end open source platform for machine learning. When restoring tensors via raw APIs, if the tensor name is not provided, TensorFlow can be tricked into dereferencing a null pointer.","summary":"TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the program or read memory they shouldn't access by providing incomplete or missing tensor names when restoring data. The bug happens because the code doesn't check if there are enough items in a list before trying to access them, leading to either a null pointer dereference (a crash from accessing invalid memory) or an out-of-bounds read (accessing memory outside the intended storage area).","solution":"The issue was patched in GitHub commit 9e82dce6e6bd1f36a57e08fa85af213e2b2f2622. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37639","publishedAt":"2021-08-12T23:15:08.707Z","cveId":"CVE-2021-37639","cweIds":["CWE-476","CWE-125","CWE-476"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00014,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}