CVE-2021-37646: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.ra
Summary
TensorFlow (an open-source machine learning platform) has a vulnerability in the `tf.raw_ops.StringNGrams` function where negative input values cause an integer overflow (a bug where a number wraps around to an unexpectedly large value). When a negative value is converted to an unsigned integer (a number that can only be positive) for memory allocation, it becomes a very large number, potentially causing the program to crash or behave unexpectedly.
Solution / Mitigation
The issue is patched in GitHub commit c283e542a3f422420cfdb332414543b62fc4e4a5. The fix will be included in TensorFlow 2.6.0 and will also be cherry-picked (applied to older supported versions) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
5.5(medium)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37646
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%