{"data":{"id":"ba873757-7508-4ba9-a188-135a3a3d6f6b","title":"CVE-2021-37681: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of SVDF i","summary":"TensorFlow (an open source machine learning platform) has a vulnerability in its SVDF implementation (a neural network component) in TFLite (a lightweight version for mobile devices) where a null pointer error (attempting to use data that doesn't exist in memory) can occur. The bug happens because the `GetVariableInput` function can return a null pointer, but the code doesn't check for this before trying to use it as valid data.","solution":"The issue has been patched in GitHub commit 5b048e87e4e55990dae6b547add4dae59f4e1c76. The fix will be included in TensorFlow 2.6.0, and will also be backported (adapted for older versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37681","publishedAt":"2021-08-13T02:15:08.867Z","cveId":"CVE-2021-37681","cweIds":["CWE-476"],"cvssScore":"7.8","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00037,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}