CVE-2025-30402
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-30402
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-30402.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-30402
- Aliases
- Published
- 2025-07-11T18:15:33.340Z
- Modified
- 2025-11-16T15:29:49.699536Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
- References
Affected packages
Git / github.com/pytorch/executorch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/pytorch/executorch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
ciflow/binaries/all/sdym
ciflow/binaries/sdym
stable-2023-08-01
stable-2023-08-15
stable-2023-08-29
stable-2023-09-12
stable-2023-09-19
v0.*
v0.1.0-rc1
v0.2.0-rc1
Database specific
vanir_signatures
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171432949322291117355945229711807023953",
"299373515690774481358020390649686198753",
"242841760907499211486838602773840731851",
"144192044550326894550981364353753848815",
"197323750424308885027233676695684273159",
"271009571954446729091065907327564175691",
"205092980954240165401470866130121996509",
"236143253699083356072700157180954007832",
"84308271667666657884065257893911687217",
"106956963467514092166314793085483000939",
"156301273979640697730149883800685683073",
"296959515096674546925081728301778331114",
"75053671515812773143224228816013318036"
]
},
"target": {
"file": "runtime/executor/test/method_meta_test.cpp"
},
"source": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-30402-57eaea5b",
"signature_type": "Line"
},
{
"digest": {
"function_hash": "306326485614068124087942198550972443778",
"length": 215.0
},
"target": {
"file": "runtime/executor/method_meta.cpp",
"function": "calculate_nbytes"
},
"source": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-30402-70eb3e96",
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"255715795262339041444023741372225131475",
"215070988325198653738653872342825562949",
"326404110377927407724359535801718920998",
"108690749180450374035402411366454870014",
"69040297860641471100044046056439774806",
"203755115844283264197198191236706510454",
"131325377426386145205178143156868549337",
"269565809294523507478263705860811994281"
]
},
"target": {
"file": "runtime/executor/method_meta.h"
},
"source": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-30402-be68137f",
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"75735287619305501952517109170801128143",
"288732472251455090662272580593751631380",
"120404267144202138552995062800958398510",
"230365774724856528459289054369988833005",
"44538765674013094656124112471959722256",
"92617464741885071234438102595035666090",
"111846693431572105770341085444092972957",
"182105955921053927043387412203537015527"
]
},
"target": {
"file": "runtime/executor/method_meta.cpp"
},
"source": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-30402-e7099a8d",
"signature_type": "Line"
}
]