{"data":{"id":"e4622f50-ad7b-47f7-8ee5-d00166269f2d","title":"CVE-2021-37658: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi","summary":"TensorFlow, a machine learning platform, has a vulnerability in its MatrixSetDiagV operations where an attacker can cause undefined behavior (unpredictable program crashes or errors) by passing an empty tensor (a data structure with no elements) as input, since the code doesn't properly validate that the input tensor has at least one element before trying to access it.","solution":"The issue was patched in GitHub commit ff8894044dfae5568ecbf2ed514c1a37dc394f1b. The fix is included in TensorFlow 2.6.0 and will be backported (applied to older versions still receiving support) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37658","publishedAt":"2021-08-13T01:15:08.667Z","cveId":"CVE-2021-37658","cweIds":["CWE-824"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00014,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["availability","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}