CVE-2021-37670: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can read from ou
Summary
TensorFlow, an open source machine learning platform, has a vulnerability where attackers can read data outside the intended memory bounds by sending specially crafted arguments to certain functions like `tf.raw_ops.UpperBound` and `tf.raw_ops.LowerBound`. The vulnerability exists because the code doesn't properly validate the rank (the number of dimensions) of the input data it receives. This could allow attackers to access sensitive information stored in memory.
Solution / Mitigation
The issue was patched in GitHub commit 42459e4273c2e47a3232cc16c4f4fff3b3a35c38. The fix will be included in TensorFlow 2.6.0 and will also be backported to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
5.5(medium)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37670
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%