CVE-2021-37643: TensorFlow is an end-to-end open source platform for machine learning. If a user does not provide a valid padding value
high
vulnerability
security
Summary
TensorFlow has a vulnerability where the MatrixDiagPartOp function doesn't check if input data exists before reading from it, causing either a null pointer dereference (a crash from accessing memory that doesn't exist) or incorrect behavior that ignores most of the data. This happens when users don't provide valid padding values to this operation.
Solution / Mitigation
The issue was patched in GitHub commit 482da92095c4d48f8784b1f00dda4f81c28d2988. The fix is included in TensorFlow 2.6.0 and was also backported to TensorFlow 2.5.1, 2.4.3, and 2.3.4.
Vulnerability Details
CVSS Score
7.7 (high)
EPSS (30-day exploit probability)
EPSS: 0.0%
Classification
Attack Sophistication: Trivial
Impact (CIA+S)
availability, integrity
AI Component Targeted: Framework
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37643
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%