GHSA-h952-963h-rv99

Source
https://github.com/advisories/GHSA-h952-963h-rv99
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-h952-963h-rv99/GHSA-h952-963h-rv99.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-h952-963h-rv99
Aliases
Published
2025-07-11T18:30:34Z
Modified
2025-07-11T23:58:21.750913Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Summary
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
Details

A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f.

Database specific
{
    "github_reviewed_at": "2025-07-11T22:57:06Z",
    "cwe_ids": [
        "CWE-122"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2025-07-11T18:15:33Z",
    "github_reviewed": true
}
References

Affected packages

PyPI / executorch

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.6.0

Affected versions

0.*

0.1.0
0.1.2
0.2.0
0.2.1
0.3.0
0.4.0
0.5.0
0.6.0