{"data":{"id":"8a5d16c3-b242-4e7d-9510-8ef10972f3c8","title":"CVE-2021-37679: TensorFlow is an end-to-end open source platform for machine learning. In affected versions it is possible to nest a `tf","summary":"TensorFlow has a vulnerability where nesting `tf.map_fn` (a function that applies operations to tensor elements) calls with RaggedTensor inputs (tensors with variable row lengths) and no function signature can leak uninitialized memory from the heap and potentially cause data loss. The bug occurs because the code doesn't verify that inner tensor shapes match when converting from a Variant tensor to a RaggedTensor.","solution":"The issue was patched in GitHub commit 4e2565483d0ffcadc719bd44893fb7f609bb5f12. The fix is included in TensorFlow 2.6.0 and was also backported (applied to earlier versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37679","publishedAt":"2021-08-13T03:15:08.287Z","cveId":"CVE-2021-37679","cweIds":["CWE-125","CWE-681"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00042,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}