CVE-2021-37667: TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefi
Summary
TensorFlow, an open source machine learning platform, has a vulnerability where an attacker can cause undefined behavior (unpredictable program crashes or malfunctions) by exploiting a flaw in the `tf.raw_ops.UnicodeEncode` function. The problem occurs because the code reads data from a tensor without first checking if that tensor is empty, which can lead to a null pointer dereference (trying to access memory that doesn't exist).
Solution / Mitigation
The issue is patched in GitHub commit 2e0ee46f1a47675152d3d865797a18358881d7a6. The fix will be included in TensorFlow 2.6.0 and will also be backported (applied to earlier versions still receiving updates) in TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.8(high)
EPSS: 0.0%
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37667
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%