{"data":{"id":"a1495d20-8f30-4c42-88fa-624a2c24c71a","title":"CVE-2021-37648: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the code for `tf.raw_ops.Sav","summary":"TensorFlow, a machine learning platform, has a vulnerability in its `SaveV2` function where input validation fails to properly stop execution, allowing an attacker to trigger a null pointer dereference (a crash caused by accessing invalid memory). The validation check uses a method that only sets an error status but doesn't actually stop the function, so harmful operations continue anyway.","solution":"The issue was patched in GitHub commit 9728c60e136912a12d99ca56e106b7cce7af5986. The fix is included in TensorFlow 2.6.0 and will also be backported (applied to older versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37648","publishedAt":"2021-08-13T02:15:08.027Z","cveId":"CVE-2021-37648","cweIds":["CWE-476"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00014,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}