CVE-2021-37637: TensorFlow is an end-to-end open source platform for machine learning. It is possible to trigger a null pointer derefere
Summary
TensorFlow, an open source platform for machine learning, has a vulnerability where passing invalid input to a specific function (`tf.raw_ops.CompressElement`) can cause a null pointer dereference (an error that occurs when code tries to access memory through a pointer that is null). The bug happened because the code checked the size of a data buffer without first verifying that the buffer itself was valid.
Solution / Mitigation
The issue was patched in GitHub commit 5dc7f6981fdaf74c8c5be41f393df705841fb7c5. The fix will be included in TensorFlow 2.6.0, and will also be backported (applied to older versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.7 (high)
EPSS: 0.0%
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37637
First tracked: February 15, 2026 at 08:39 PM