{"data":{"id":"b9bcbc11-2115-40ac-b8e4-3763fbcce6d6","title":"CVE-2021-37666: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi","summary":"TensorFlow, an open source machine learning platform, has a vulnerability (CVE-2021-37666) where attackers can cause undefined behavior (unpredictable program crashes or errors) by exploiting incomplete validation in the RaggedTensorToVariant function. The flaw occurs when the function receives empty input values that it doesn't properly check for.","solution":"The issue has been patched in GitHub commit be7a4de6adfbd303ce08be4332554dff70362612. The fix will be included in TensorFlow 2.6.0, and will also be back-ported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37666","publishedAt":"2021-08-13T02:15:08.243Z","cveId":"CVE-2021-37666","cweIds":["CWE-824"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Google"],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00013,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}