{"data":{"id":"76fcae93-eaae-4b8f-845c-f7e0f6ad36d4","title":"CVE-2021-37637: TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer derefere","summary":"TensorFlow, an open source platform for machine learning, has a vulnerability where passing invalid input to a specific function (tf.raw_ops.CompressElement) can cause a null pointer dereference (an error that occurs when code tries to access memory that hasn't been properly initialized). The bug happened because the code checked the size of a data buffer without first verifying that the buffer itself was valid.","solution":"The issue was patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37637","publishedAt":"2021-08-12T23:15:08.500Z","cveId":"CVE-2021-37637","cweIds":["CWE-476"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00012,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}