CVE-2024-31584Out-of-bounds Read in Pytorch

CWE-125Out-of-bounds Read5 documents5 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 77.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Linuxfoundation PytorchDebian PytorchMsrc Cbl2 Pytorch 2.0.0-5 ON CBL Mariner 2.0+3 more
Timeline
PublishedApr 19

Description

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:LExploitability: 2.1 | Impact: 3.4

Affected Packages7 packages

debiandebian/pytorch< pytorch 2.4.1-1 (forky)
Debianlinuxfoundation/pytorch< 2.4.1-1+1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
OSV
CVE-2024-31584: Pytorch before v22024-04-19
GHSA
GHSA-vmg3-jxcp-7rqw: Pytorch before v22024-04-19

📋Vendor Advisories

2
Microsoft
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.2024-04-09
Debian
CVE-2024-31584: pytorch - Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component ...2024