{"data":{"id":"ff4d0817-7a10-4e09-b476-ff1bcda8b77a","title":"CVE-2021-37661: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause a deni","summary":"TensorFlow, a machine learning platform, has a vulnerability where attackers can crash the system by passing negative numbers to the `boosted_trees_create_quantile_stream_resource` function. The bug happens because the code doesn't check if the input is negative before using it to allocate memory (reserve, which expects an unsigned integer, or a whole number with no sign). When a negative number gets converted to an unsigned integer, it becomes a huge positive number that causes the program to crash.","solution":"The issue has been patched in GitHub commit 8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992. The fix will be included in TensorFlow 2.6.0 and will also be backported (added to older versions still being supported) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-37661","publishedAt":"2021-08-13T01:15:08.867Z","cveId":"CVE-2021-37661","cweIds":["CWE-681","CWE-681"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["TensorFlow"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00012,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}