cvelistv5 - CVE-2024-31580

CVE-2024-31580 (GCVE-0-2024-31580)

Vulnerability from cvelistv5

Published

2024-04-17 00:00

Modified

2025-03-28 23:47

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

Summary

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

URL

Tags

cve@mitre.org	https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d	Third Party Advisory
cve@mitre.org	https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81	Patch
af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81	Patch

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pytorch:pytorch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "pytorch",
            "vendor": "pytorch",
            "versions": [
              {
                "lessThan": "2.2.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "LOW",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-31580",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T18:39:32.971436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-122",
                "description": "CWE-122 Heap-based Buffer Overflow",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-28T23:47:41.729Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:52:57.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-17T18:18:00.237Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
        },
        {
          "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-31580",
    "datePublished": "2024-04-17T00:00:00.000Z",
    "dateReserved": "2024-04-05T00:00:00.000Z",
    "dateUpdated": "2025-03-28T23:47:41.729Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-31580\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2024-04-17T19:15:07.783\",\"lastModified\":\"2025-06-10T17:38:16.883\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.\"},{\"lang\":\"es\",\"value\":\"Se descubri\u00f3 que PyTorch anterior a v2.2.0 conten\u00eda una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el componente /runtime/vararg_functions.cpp. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":4.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.5,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*\",\"versionEndExcluding\":\"2.2.0\",\"matchCriteriaId\":\"CA1ACB1F-9056-4D41-A8C8-33921420D4C2\"}]}]}],\"references\":[{\"url\":\"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:52:57.296Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-31580\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-10T18:39:32.971436Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pytorch:pytorch:*:*:*:*:*:*:*:*\"], \"vendor\": \"pytorch\", \"product\": \"pytorch\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.2.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-10T18:38:25.034Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81\"}, {\"url\": \"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2024-04-17T18:18:00.237Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-31580\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-28T23:47:41.729Z\", \"dateReserved\": \"2024-04-05T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2024-04-17T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

ghsa-5pcm-hx3q-hm94

Vulnerability from github

Published

2024-04-17 21:30

Modified

2025-06-11 13:39

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Summary

PyTorch heap buffer overflow vulnerability

Details

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "torch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-31580"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-25T10:11:23Z",
    "nvd_published_at": "2024-04-17T19:15:07Z",
    "severity": "HIGH"
  },
  "details": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
  "id": "GHSA-5pcm-hx3q-hm94",
  "modified": "2025-06-11T13:39:30Z",
  "published": "2024-04-17T21:30:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/torch/PYSEC-2024-252.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pytorch/pytorch"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-PYTHON-TORCH-6649934"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyTorch heap buffer overflow vulnerability"
}

fkie_cve-2024-31580

Vulnerability from fkie_nvd

Published

2024-04-17 19:15

Modified

2025-06-10 17:38

Severity ?

4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Summary

References

URL	Tags
cve@mitre.org	https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d	Third Party Advisory
cve@mitre.org	https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81	Patch
af854a3a-2127-422b-91ae-364da2661108	https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81	Patch

Impacted products

	Vendor	Product	Version
	linuxfoundation	pytorch	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:linuxfoundation:pytorch:*:*:*:*:*:python:*:*",
              "matchCriteriaId": "CA1ACB1F-9056-4D41-A8C8-33921420D4C2",
              "versionEndExcluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 que PyTorch anterior a v2.2.0 conten\u00eda una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el componente /runtime/vararg_functions.cpp. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
    }
  ],
  "id": "CVE-2024-31580",
  "lastModified": "2025-06-10T17:38:16.883",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.0,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-04-17T19:15:07.783",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

msrc_cve-2024-31580

Vulnerability from csaf_microsoft

Published

2024-04-02 07:00

Modified

2025-03-29 00:00

Summary

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-31580.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
    "tracking": {
      "current_release_date": "2025-03-29T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T01:14:16.771Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-31580",
      "initial_release_date": "2024-04-02T07:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-04-22T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2025-03-29T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added pytorch to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 pytorch 2.0.0-4",
                "product": {
                  "name": "\u003ccbl2 pytorch 2.0.0-4",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 pytorch 2.0.0-4",
                "product": {
                  "name": "cbl2 pytorch 2.0.0-4",
                  "product_id": "17361"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 pytorch 2.0.0-8",
                "product": {
                  "name": "\u003ccbl2 pytorch 2.0.0-8",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 pytorch 2.0.0-8",
                "product": {
                  "name": "cbl2 pytorch 2.0.0-8",
                  "product_id": "19909"
                }
              }
            ],
            "category": "product_name",
            "name": "pytorch"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 pytorch 2.0.0-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 pytorch 2.0.0-4 as a component of CBL Mariner 2.0",
          "product_id": "17361-17086"
        },
        "product_reference": "17361",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 pytorch 2.0.0-8 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 pytorch 2.0.0-8 as a component of CBL Mariner 2.0",
          "product_id": "19909-17086"
        },
        "product_reference": "19909",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31580",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17361-17086",
          "19909-17086"
        ],
        "known_affected": [
          "17086-2",
          "17086-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-31580.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-04-22T00:00:00.000Z",
          "details": "2.0.0-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2",
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 4.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "17086-2",
            "17086-1"
          ]
        }
      ],
      "title": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
    }
  ]
}

CERTFR-2025-AVI-0538

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Postgres versions antérieures à 13.21.0
VMware	Tanzu	Tanzu pour Postgres versions 14.x antérieures à 14.18.0
VMware	Tanzu	Tanzu pour Postgres versions 17.x antérieures à 17.5.0
VMware	Tanzu	Tanzu pour Postgres versions 16x antérieures à 16.9.0
VMware	Tanzu	Tanzu pour Postgres versions 15.x antérieures à 15.13.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35866	2025-06-25	vendor-advisory
Bulletin de sécurité VMware 35867	2025-06-25	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Postgres versions ant\u00e9rieures \u00e0 13.21.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 14.x ant\u00e9rieures \u00e0 14.18.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 17.x ant\u00e9rieures \u00e0 17.5.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 16x ant\u00e9rieures \u00e0 16.9.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Postgres versions 15.x ant\u00e9rieures \u00e0 15.13.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-29483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2024-5998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5998"
    },
    {
      "name": "CVE-2024-31583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31583"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2024-11392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11392"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2023-50447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50447"
    },
    {
      "name": "CVE-2024-34062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
    },
    {
      "name": "CVE-2024-7804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7804"
    },
    {
      "name": "CVE-2024-39705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39705"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-3571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3571"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2024-24788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
    },
    {
      "name": "CVE-2024-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3095"
    },
    {
      "name": "CVE-2024-22195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22195"
    },
    {
      "name": "CVE-2024-11393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11393"
    },
    {
      "name": "CVE-2024-28219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28219"
    },
    {
      "name": "CVE-2024-53899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
    },
    {
      "name": "CVE-2024-12720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12720"
    },
    {
      "name": "CVE-2024-30251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-20916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20916"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2024-5569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-5206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
    },
    {
      "name": "CVE-2024-27454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27454"
    },
    {
      "name": "CVE-2024-42367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42367"
    },
    {
      "name": "CVE-2024-43497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43497"
    },
    {
      "name": "CVE-2024-8309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8309"
    },
    {
      "name": "CVE-2024-0243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0243"
    },
    {
      "name": "CVE-2024-31580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31580"
    },
    {
      "name": "CVE-2024-24787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
    },
    {
      "name": "CVE-2024-52304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
    },
    {
      "name": "CVE-2025-4207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4207"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-42969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42969"
    },
    {
      "name": "CVE-2025-1094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
    },
    {
      "name": "CVE-2024-34064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
    },
    {
      "name": "CVE-2024-23829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
    },
    {
      "name": "CVE-2024-11394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11394"
    },
    {
      "name": "CVE-2023-47248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47248"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2024-24786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2024-2965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2965"
    },
    {
      "name": "CVE-2024-28088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28088"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-1455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1455"
    },
    {
      "name": "CVE-2024-23334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
    }
  ],
  "initial_release_date": "2025-06-26T00:00:00",
  "last_revision_date": "2025-06-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0538",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35866",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35866"
    },
    {
      "published_at": "2025-06-25",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35867",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35867"
    }
  ]
}

CERTFR-2024-AVI-0670

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Splunk Machine Learning Toolkit. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Splunk	Machine Learning Toolkit	Machine Learning Toolkit versions antérieures à 5.4.2 avec un version de Python for Scientific Computing antérieures à 4.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2024-0801

2024-08-12

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Machine Learning Toolkit versions ant\u00e9rieures \u00e0 5.4.2 avec un version de Python for Scientific Computing ant\u00e9rieures \u00e0 4.2.1 ",
      "product": {
        "name": "Machine Learning Toolkit",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-40899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40899"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2024-31583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31583"
    },
    {
      "name": "CVE-2022-25882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25882"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2024-3772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3772"
    },
    {
      "name": "CVE-2020-28975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28975"
    },
    {
      "name": "CVE-2024-3568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3568"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-7018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7018"
    },
    {
      "name": "CVE-2024-34062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34062"
    },
    {
      "name": "CVE-2024-27319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27319"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2024-27318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27318"
    },
    {
      "name": "CVE-2022-45907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45907"
    },
    {
      "name": "CVE-2020-28473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28473"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2023-6730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6730"
    },
    {
      "name": "CVE-2024-5206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5206"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2024-31580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31580"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2023-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2800"
    },
    {
      "name": "CVE-2022-31799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31799"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2023-25399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25399"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    }
  ],
  "initial_release_date": "2024-08-13T00:00:00",
  "last_revision_date": "2024-08-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0670",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Splunk Machine Learning Toolkit. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Splunk Machine Learning Toolkit",
  "vendor_advisories": [
    {
      "published_at": "2024-08-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2024-0801",
      "url": "https://advisory.splunk.com/advisories/SVD-2024-0801"
    }
  ]
}

pysec-2024-252

Vulnerability from pysec

Published

2024-04-17 19:15

Modified

2025-06-10 19:22

Details

Impacted products

Name	purl
torch	pkg:pypi/torch

Aliases

CVE-2024-31580

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "torch",
        "purl": "pkg:pypi/torch"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
            },
            {
              "fixed": "b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
            }
          ],
          "repo": "https://github.com/pytorch/pytorch",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.0.0",
        "1.0.1",
        "1.1.0",
        "1.10.0",
        "1.10.1",
        "1.10.2",
        "1.11.0",
        "1.12.0",
        "1.12.1",
        "1.13.0",
        "1.13.1",
        "1.2.0",
        "1.3.0",
        "1.3.1",
        "1.4.0",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.7.0",
        "1.7.1",
        "1.8.0",
        "1.8.1",
        "1.9.0",
        "1.9.1",
        "2.0.0",
        "2.0.1",
        "2.1.0",
        "2.1.1",
        "2.1.2"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-31580"
  ],
  "details": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
  "id": "PYSEC-2024-252",
  "modified": "2025-06-10T19:22:08.948962+00:00",
  "published": "2024-04-17T19:15:07+00:00",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
    }
  ]
}

wid-sec-w-2024-0922

Vulnerability from csaf_certbund

Published

2024-04-17 22:00

Modified

2024-08-12 22:00

Summary

PyTorch: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

PyTorch ist eine Tensor-Bibliothek für Deep Learning mit GPUs und CPUs.

Angriff

Ein Angreifer kann mehrere Schwachstellen in PyTorch ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PyTorch ist eine Tensor-Bibliothek f\u00fcr Deep Learning mit GPUs und CPUs.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in PyTorch ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0922 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0922.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0922 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0922"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-04-17",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-04-17",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
      }
    ],
    "source_lang": "en-US",
    "title": "PyTorch: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:57.825+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0922",
      "initial_release_date": "2024-04-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.2.0",
                "product": {
                  "name": "Open Source PyTorch \u003c2.2.0",
                  "product_id": "T034306"
                }
              }
            ],
            "category": "product_name",
            "name": "PyTorch"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Splunk Splunk Enterprise",
            "product": {
              "name": "Splunk Splunk Enterprise",
              "product_id": "T008911",
              "product_identification_helper": {
                "cpe": "cpe:/a:splunk:splunk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31580",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in PyTorch. Diese Fehler bestehen in den Funktionen interpreter.cpp. und vararg_functions.cpp. aufgrund eines Heap-Puffer\u00fcberlaufs und eines use-after-free Problems. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008911"
        ]
      },
      "release_date": "2024-04-17T22:00:00.000+00:00",
      "title": "CVE-2024-31580"
    },
    {
      "cve": "CVE-2024-31583",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in PyTorch. Diese Fehler bestehen in den Funktionen interpreter.cpp. und vararg_functions.cpp. aufgrund eines Heap-Puffer\u00fcberlaufs und eines use-after-free Problems. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008911"
        ]
      },
      "release_date": "2024-04-17T22:00:00.000+00:00",
      "title": "CVE-2024-31583"
    }
  ]
}

WID-SEC-W-2024-0922

Vulnerability from csaf_certbund

Published

2024-04-17 22:00

Modified

2024-08-12 22:00

Summary

PyTorch: Mehrere Schwachstellen ermöglichen Denial of Service

Notes

Produktbeschreibung

PyTorch ist eine Tensor-Bibliothek für Deep Learning mit GPUs und CPUs.

Angriff

Ein Angreifer kann mehrere Schwachstellen in PyTorch ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme

- UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "PyTorch ist eine Tensor-Bibliothek f\u00fcr Deep Learning mit GPUs und CPUs.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in PyTorch ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0922 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0922.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0922 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0922"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-04-17",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31580"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-04-17",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31583"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0801 vom 2024-08-12",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0801"
      }
    ],
    "source_lang": "en-US",
    "title": "PyTorch: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
    "tracking": {
      "current_release_date": "2024-08-12T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:07:57.825+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0922",
      "initial_release_date": "2024-04-17T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-17T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-08-12T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c2.2.0",
                "product": {
                  "name": "Open Source PyTorch \u003c2.2.0",
                  "product_id": "T034306"
                }
              }
            ],
            "category": "product_name",
            "name": "PyTorch"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Splunk Splunk Enterprise",
            "product": {
              "name": "Splunk Splunk Enterprise",
              "product_id": "T008911",
              "product_identification_helper": {
                "cpe": "cpe:/a:splunk:splunk:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-31580",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in PyTorch. Diese Fehler bestehen in den Funktionen interpreter.cpp. und vararg_functions.cpp. aufgrund eines Heap-Puffer\u00fcberlaufs und eines use-after-free Problems. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008911"
        ]
      },
      "release_date": "2024-04-17T22:00:00.000+00:00",
      "title": "CVE-2024-31580"
    },
    {
      "cve": "CVE-2024-31583",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in PyTorch. Diese Fehler bestehen in den Funktionen interpreter.cpp. und vararg_functions.cpp. aufgrund eines Heap-Puffer\u00fcberlaufs und eines use-after-free Problems. Ein Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008911"
        ]
      },
      "release_date": "2024-04-17T22:00:00.000+00:00",
      "title": "CVE-2024-31583"
    }
  ]
}

gsd-2024-31580

Vulnerability from gsd

Modified

2024-04-11 05:03

Details

Aliases

CVE-2024-31580

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-31580"
      ],
      "details": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.",
      "id": "GSD-2024-31580",
      "modified": "2024-04-11T05:03:20.606878Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-31580",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
            "refsource": "MISC",
            "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
          },
          {
            "name": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d",
            "refsource": "MISC",
            "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
          }
        ],
        "id": "CVE-2024-31580",
        "lastModified": "2024-04-17T20:08:21.887",
        "metrics": {},
        "published": "2024-04-17T19:15:07.783",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2024-31580 (GCVE-0-2024-31580)

Vulnerability from cvelistv5

Vulnerability from github

Vulnerability from fkie_nvd

Vulnerability from csaf_microsoft

Vulnerability from certfr_avis

Solutions

Vulnerability from certfr_avis

Solutions

Vulnerability from pysec

Vulnerability from csaf_certbund

Vulnerability from csaf_certbund

Vulnerability from gsd

Tags

Sightings

Nomenclature