Heap Buffer Overflow Vulnerability in PyTorch by Meta AI
CVE-2024-31580

Currently unrated

Key Information:

Vendor: Meta AI
Status: PyTorch
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-31580?

A heap buffer overflow vulnerability was identified in PyTorch prior to version 2.2.0, specifically within the /runtime/vararg_functions.cpp component. This flaw allows attackers to craft specific inputs that trigger the vulnerability, potentially leading to a Denial of Service (DoS). The exploitation of this vulnerability could disrupt the normal operation of applications relying on PyTorch, thereby posing a security risk to users and developers relying on this framework.

References

https://github.com/pytorch/pytorch/commit/b5c3a17c2c207eb...

https://gist.github.com/1047524396/038c78f2f007345e6f4976...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 5, 2024