CVE-2021-37651: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.r
Summary
TensorFlow, a machine learning platform, has a vulnerability in the `tf.raw_ops.FractionalAvgPoolGrad` function where it can access memory outside the bounds of allocated buffers (a buffer overflow, where a program reads from memory it shouldn't access) when given an empty input. The function fails to check whether the input is empty before trying to read from it.
Solution / Mitigation
The issue was patched in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0, and will also be applied to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
7.1(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37651
First tracked: February 15, 2026 at 08:39 PM
Classified by LLM (prompt v3) · confidence: 95%