How severe is CVE-2021-37676?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-37676?

This is classified as CWE-824, which is a common weakness in software security.

CVE-2021-37676

HIGH Year: 2021

CVSS v3 Score

7.8

High

CVSS v2 Score

4.6

Medium

Weakness Type

CWE-824

View all →

Vulnerability Description

TensorFlow is an end-to-end open source platform for machine learning. In affected versions an attacker can cause undefined behavior via binding a reference to null pointer in `tf.raw_ops.SparseFillEmptyRows`. The shape inference [implementation](https://github.com/tensorflow/tensorflow/blob/460e000de3a83278fb00b61a16d161b1964f15f4/tensorflow/core/ops/sparse_ops.cc#L608-L634) does not validate that the input arguments are not empty tensors. We have patched the issue in GitHub commit 578e634b4f1c1c684d4b4294f9e5281b2133b3ed. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range.

CVE-2017-9670

HIGH

CVSS:7.8(High)

An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have...

CWE-8242017

CVE-2019-13527

HIGH

CVSS:7.8(High)

In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that ha...

CWE-8242019

CVE-2019-14060

HIGH

CVSS:7.8(High)

Uninitialized stack data gets used If memory is not allocated for blob or if the allocated blob is less than the struct size required due to lack of check of return value for read or write blob in Sna...

CWE-8242019

CVE-2019-14124

HIGH

CVSS:7.8(High)

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamo...

CWE-8242019

CVE-2020-0438

HIGH

CVSS:7.8(High)

In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbi...

CWE-8242020

CVE-2020-16203

HIGH

CVSS:7.8(High)

Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. An uninitialized pointer may be exploited by processing a specially crafted project file. Successful exploitation of this ...

CWE-8242020

CVE-2021-37676

Vulnerability Description

Related Vulnerabilities

CVE-2017-9670

CVE-2019-13527

CVE-2019-14060

CVE-2019-14124

CVE-2020-0438

CVE-2020-16203