AZL-39930

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39930.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-39930

Upstream

CVE-2024-31580

Published

2024-04-17T19:15:07Z

Modified

2026-04-21T04:28:52.044500Z

Summary

CVE-2024-31580 affecting package pytorch for versions less than 2.0.0-4

Details

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-31580

Affected packages

Azure Linux:2 / pytorch

Package

Name: pytorch
Purl: pkg:rpm/azure-linux/pytorch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-4

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-39930.json"