Source: pytorch
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for pytorch.

CVE-2024-31580[0]:
| PyTorch before v2.2.0 was discovered to contain a heap buffer
| overflow vulnerability in the component
| /runtime/vararg_functions.cpp. This vulnerability allows attackers
| to cause a Denial of Service (DoS) via a crafted input.

https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81

CVE-2024-31583[1]:
| Pytorch before version v2.2.0 was discovered to contain a
| use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.

https://github.com/pytorch/pytorch/commit/9c7071b0e324f9fb68ab881283d6b8d388a4bcd2

CVE-2024-31584[2]:
| Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via
| the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-31580
    https://www.cve.org/CVERecord?id=CVE-2024-31580
[1] https://security-tracker.debian.org/tracker/CVE-2024-31583
    https://www.cve.org/CVERecord?id=CVE-2024-31583
[2] https://security-tracker.debian.org/tracker/CVE-2024-31584
    https://www.cve.org/CVERecord?id=CVE-2024-31584

Please adjust the affected versions in the BTS as needed.