AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37650: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.r

highvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37650

Summary

TensorFlow, a machine learning platform, has a vulnerability in two functions that can cause a heap buffer overflow (writing data past the end of allocated memory) and crash the program when processing dataset records. The code incorrectly assumes all records are strings without checking, but users might pass numeric types instead, triggering the error.

Solution / Mitigation

The issue was patched in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix is included in TensorFlow 2.6.0 and was also applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.

Vulnerability Details

CVSS Score

7.8(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Impact (CIA+S)

availabilityintegrity

AI Component TargetedFramework

Taxonomy References

CWE (Weakness Type)

CWE-120 CWE-787

CAPEC (Attack Pattern)

CAPEC-100

Affected Vendors

Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37650

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%