Pytorch
CVE-2024-31584
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
1Blast Radius
ecosystem impact- 106 pypi packages depend on torch (98 direct, 8 indirect)
Ecosystem-wide dependent count for version 2.2.0.
DescriptionCVE.org
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
AnalysisAI
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Affected products include: Linuxfoundation Pytorch.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Rated critical severity (CVSS 9.8), this vulnerability is
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is
PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]
A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi
picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built
NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_dele
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulner
A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today