CVE-2024-31580

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-31580
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31580.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31580
Aliases
Downstream
Published
2024-04-17T19:15:07.783Z
Modified
2026-03-12T02:59:59.220Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

Affected packages

Git / github.com/pytorch/pytorch

Affected ranges

Type
GIT
Repo
https://github.com/pytorch/pytorch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
8ac9b20d4b090c213799e81acf48a55ea8d437d6
Fixed
b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.0"
        }
    ]
}

Affected versions

Other
bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug
ciflow/inductor/3b9a386
ciflow/inductor/3d4b92b
ciflow/inductor/d224ac7
ciflow/periodic/054a2fd
ciflow/periodic/2a6d37d
ciflow/periodic/317eeb8
ciflow/periodic/3c32
ciflow/periodic/3e98831
ciflow/periodic/94512-point
ciflow/periodic/csl/test87519
ciflow/periodic/csltest88275
ciflow/periodic/csltest88761
ciflow/periodic/sha-ec5b83
ciflow/slow/01c7106
ciflow/slow/0577043
ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym
ciflow/slow/0e81104
ciflow/slow/1732077
ciflow/slow/187eb7c
ciflow/slow/1faef89
ciflow/slow/3920ec1
ciflow/slow/3b7c6b2
ciflow/slow/59a3759
ciflow/slow/70ef0bb
ciflow/slow/788ff06
ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym
ciflow/slow/9d85864
ciflow/slow/9ffad5b
ciflow/slow/a206e8b
ciflow/slow/a837609
ciflow/slow/af841f3
ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym
ciflow/unstable/123
malfet/tag-2ef5611
malfet/tag-317b1a0
malfet/tag-ec6f767
nightly-binary
v0.*
v0.1.1
v0.1.10
v0.1.11
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9
v1.*
v1.0.0a0
v1.0rc0
v1.0rc1
v1.1.0a0
v1.2.0a0
v1.3.0a0
v1.4.0a0
v1.8.0-rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31580.json"
vanir_signatures 
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "177212597411118124202478742030508243218",
            "length": 1070.0
        },
        "source": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
        "signature_type": "Function",
        "id": "CVE-2024-31580-32e4346e",
        "target": {
            "file": "torch/csrc/jit/runtime/vararg_functions.cpp",
            "function": "tupleConstruct"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "122402175758227357894067518701770309718",
                "148624457286558011395772266585298619984",
                "264756394319484961386458264875539426314",
                "204288781394093359214353439803224706057"
            ]
        },
        "source": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
        "signature_type": "Line",
        "id": "CVE-2024-31580-65aa6a70",
        "target": {
            "file": "torch/csrc/jit/runtime/vararg_functions.cpp"
        }
    }
]