{"data":{"id":"95210777-c394-4593-8b75-0cc80aa4af92","title":"CVE-2021-37665: TensorFlow is an end-to-end open source platform for machine learning. In affected versions due to incomplete validation","summary":"TensorFlow, an open source machine learning platform, has a vulnerability in its MKL implementation where incomplete validation of input tensor dimensions allows attackers to trigger undefined behavior (accessing invalid memory locations or reading data outside allocated memory bounds). Two operations, requantization and MklRequantizePerChannelOp, are affected by this flaw.","solution":"The issue was patched in GitHub commits 9e62869465573cb2d9b5053f1fa02a81fce21d69 and 203214568f5bc237603dbab6e1fd389f1572f5c9. The fix is included in TensorFlow 2.6.0 and was backported to versions 2.5.1, 2.4.3, and 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37665","publishedAt":"2021-08-13T03:15:07.333Z","cveId":"CVE-2021-37665","cweIds":["CWE-20"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["NVIDIA"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}