CVE-2024-31584

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31584
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31584.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31584
Aliases
Downstream
Published
2024-04-19T21:15:08Z
Modified
2025-10-21T21:02:09.409655Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
[none]
Details

PyTorch before v2.2.0 has an out-of-bounds read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

References

Affected packages

Git / github.com/pytorch/pytorch

Affected ranges

Type
GIT
Repo
https://github.com/pytorch/pytorch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug
ciflow/inductor/3b9a386
ciflow/inductor/3d4b92b
ciflow/inductor/d224ac7
ciflow/periodic/054a2fd
ciflow/periodic/2a6d37d
ciflow/periodic/317eeb8
ciflow/periodic/3c32
ciflow/periodic/3e98831
ciflow/periodic/94512-point
ciflow/periodic/csl/test87519
ciflow/periodic/csltest88275
ciflow/periodic/csltest88761
ciflow/periodic/sha-ec5b83
ciflow/slow/01c7106
ciflow/slow/0577043
ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym
ciflow/slow/0e81104
ciflow/slow/1732077
ciflow/slow/187eb7c
ciflow/slow/1faef89
ciflow/slow/3920ec1
ciflow/slow/3b7c6b2
ciflow/slow/59a3759
ciflow/slow/70ef0bb
ciflow/slow/788ff06
ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym
ciflow/slow/9d85864
ciflow/slow/9ffad5b
ciflow/slow/a206e8b
ciflow/slow/a837609
ciflow/slow/af841f3
ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym
ciflow/unstable/123
malfet/tag-2ef5611
malfet/tag-317b1a0
malfet/tag-ec6f767
nightly-binary

v0.*

v0.1.1
v0.1.10
v0.1.11
v0.1.2
v0.1.3
v0.1.4
v0.1.5
v0.1.6
v0.1.7
v0.1.8
v0.1.9

v1.*

v1.0.0a0
v1.0rc0
v1.0rc1
v1.1.0a0
v1.2.0a0
v1.3.0a0
v1.4.0a0
v1.8.0-rc1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-31584-0d83c28f",
        "target": {
            "file": "torch/csrc/jit/mobile/flatbuffer_loader.cpp"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "73924839185676104863459105402130033064",
                "12116427904939260286894645868788306222",
                "324318308147286460958469659025962953122",
                "2248410013577482140896826655308268437"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2024-31584-217d6031",
        "target": {
            "function": "FlatbufferLoader::parseModule",
            "file": "torch/csrc/jit/mobile/flatbuffer_loader.cpp"
        },
        "signature_type": "Function",
        "digest": {
            "length": 1514.0,
            "function_hash": "55576803198432511994628715333552249560"
        },
        "source": "https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6"
    }
]