CVE-2024-31580Heap-based Buffer Overflow in Pytorch

CWE-122Heap-based Buffer Overflow6 documents5 sources
Severity
4.0MEDIUMNVD
EPSS
0.0%
top 93.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Linuxfoundation PytorchDebian PytorchMsrc Cbl2 Pytorch 2.0.0-4 ON CBL Mariner 2.0+1 more
Timeline
PublishedApr 17

Description

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.5 | Impact: 1.4

Affected Packages5 packages

debiandebian/pytorch< pytorch 2.4.1-1 (forky)
Debianlinuxfoundation/pytorch< 2.4.1-1+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
PyTorch heap buffer overflow vulnerability2024-04-17
GHSA
PyTorch heap buffer overflow vulnerability2024-04-17
OSV
CVE-2024-31580: PyTorch before v22024-04-17

📋Vendor Advisories

2
Microsoft
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (D2024-04-09
Debian
CVE-2024-31580: pytorch - PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerabi...2024