{"data":{"id":"e84ae3a0-c9c0-4919-8771-da4d08fe355d","title":"CVE-2021-37641: TensorFlow is an end-to-end open source platform for machine learning. In affected versions if the arguments to `tf.raw_","summary":"TensorFlow, a machine learning platform, has a vulnerability in the `tf.raw_ops.RaggedGather` function where invalid input arguments can cause the program to read memory outside the bounds of allocated buffers (a heap buffer overflow). The bug occurs because the code reads tensor dimensions without first checking that the tensor has at least one dimension, and doesn't verify that required tensor lists aren't empty.","solution":"The issue was patched in GitHub commit a2b743f6017d7b97af1fe49087ae15f0ac634373. The fix is included in TensorFlow 2.6.0 and was also backported (applied to older versions) to TensorFlow 2.5.1, 2.4.3, and 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37641","publishedAt":"2021-08-13T01:15:07.670Z","cveId":"CVE-2021-37641","cweIds":["CWE-125"],"cvssScore":"7.3","cvssSeverity":"high","severity":"high","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00013,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}