CVE-2024-31583Use After Free in Pytorch

CWE-416Use After Free6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 84.93%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linuxfoundation PytorchDebian PytorchMsrc Cbl2 Pytorch 2.0.0-4 ON CBL Mariner 2.0+3 more
Timeline
PublishedApr 17

Description

Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

debiandebian/pytorch< pytorch 2.4.1-1 (forky)
Debianlinuxfoundation/pytorch< 2.4.1-1+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Pytorch use-after-free vulnerability2024-04-17
GHSA
Pytorch use-after-free vulnerability2024-04-17
OSV
CVE-2024-31583: Pytorch before version v22024-04-17

📋Vendor Advisories

2
Microsoft
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.2024-04-09
Debian
CVE-2024-31583: pytorch - Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnera...2024