Skip to main content

Pytorch CVE-2024-31584

MEDIUM
Out-of-bounds Read (CWE-125)
2024-04-19 cve@mitre.org
5.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Apr 19, 2024 - 21:15 cve.org
MEDIUM 5.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 106 pypi packages depend on torch (98 direct, 8 indirect)

Ecosystem-wide dependent count for version 2.2.0.

DescriptionCVE.org

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

AnalysisAI

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp. Affected products include: Linuxfoundation Pytorch.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2025-1945 CRITICAL POC
9.8 Mar 10

PickleScan before 0.0.23 can be bypassed by flipping specific ZIP file header flag bits, allowing malicious pickle files

CVE-2024-48063 CRITICAL POC
9.8 Oct 29

In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. Rated critical severity (CVSS 9.8), this vulnerability is

CVE-2022-45907 CRITICAL POC
9.8 Nov 26

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2024-8020 HIGH POC
7.5 Mar 20

A vulnerability in lightning-ai/pytorch-lightning version 2.3.2 allows an attacker to cause a denial of service by sendi

CVE-2025-1944 MEDIUM POC
6.5 Mar 10

picklescan before 0.0.23 is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to e

CVE-2025-32434 CRITICAL POC
9.3 Apr 18

PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built

CVE-2025-33244 CRITICAL
9.0 Mar 24

NVIDIA APEX for Linux contains a deserialization of untrusted data vulnerability that affects environments using PyTorch

CVE-2025-2953 MEDIUM POC
4.8 Mar 30

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Rated medium severity (CVSS

CVE-2025-3136 MEDIUM POC
4.8 Apr 03

A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0.cuda.memory.caching_allocator_dele

CVE-2025-3121 MEDIUM POC
4.8 Apr 02

A vulnerability classified as problematic has been found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this vulner

CVE-2025-3730 MEDIUM POC
4.8 Apr 16

A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Rated medium severity (CVSS 4.8), this

Share

CVE-2024-31584 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy