AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2021-37645: TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation of `tf.ra

mediumvulnerability

security

Source: NVD/CVE DatabaseAugust 12, 2021CVE-2021-37645

Summary

TensorFlow, an open-source machine learning platform, has a vulnerability in the `tf.raw_ops.QuantizeAndDequantizeV4Grad` function where a negative integer is incorrectly converted to an unsigned integer, causing an integer overflow (when a number becomes too large for its data type) and potentially allocating excessive memory. This bug could allow attackers to crash the system or cause other harmful effects.

Solution / Mitigation

The issue was patched in GitHub commit 96f364a1ca3009f98980021c4b32be5fdcca33a1. Users should update to TensorFlow 2.6.0, or apply the cherrypicked fix available in TensorFlow 2.5.1 and TensorFlow 2.4.3.

Vulnerability Details

CVSS Score

5.5(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityavailability

Taxonomy References

CWE (Weakness Type)

CWE-681

Affected Vendors

Google

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 15, 2026 at 08:39 PM

Classified by LLM (prompt v3) · confidence: 95%