CVE-2021-37649: TensorFlow is an end-to-end open source platform for machine learning. The code for `tf.raw_ops.UncompressElement` can b
Summary
TensorFlow, an open source machine learning platform, has a vulnerability in its `tf.raw_ops.UncompressElement` function where it tries to use a pointer (a reference to a location in memory) without checking if that pointer is valid, causing a null pointer dereference (crash when accessing an empty memory location). An attacker could exploit this by providing specially crafted data to crash the program.
Solution / Mitigation
The issue has been patched in GitHub commit 7bdf50bb4f5c54a4997c379092888546c97c3ebd. The fix is included in TensorFlow 2.6.0 and has been backported (applied to earlier versions) to TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4.
Vulnerability Details
Severity score: 7.7 (high)
EPSS: 0.0%
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-37649
First tracked: February 15, 2026 at 08:39 PM