GHSA-3749-ghw9-m3mg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3749-ghw9-m3mg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-3749-ghw9-m3mg/GHSA-3749-ghw9-m3mg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-3749-ghw9-m3mg
- Aliases
- Published
- 2025-03-30T18:30:24Z
- Modified
- 2025-04-23T15:08:58.828290Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- PyTorch susceptible to local Denial of Service
- Details
-
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnnmaxpool2d. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
- Database specific
{ "nvd_published_at": "2025-03-30T16:15:14Z", "cwe_ids": [ "CWE-404" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2025-04-15T21:24:26Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2025-2953
- https://github.com/pytorch/pytorch/issues/149274
- https://github.com/pytorch/pytorch/issues/149274#issue-2923122269
- https://github.com/pytorch/pytorch
- https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models
- https://vuldb.com/?ctiid.302006
- https://vuldb.com/?id.302006
- https://vuldb.com/?submit.521279
Affected packages
PyPI / torch
Package
- Name
- torch
- View open source insights on deps.dev
- Purl
- pkg:pypi/torch