CVE-2024-31580

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-31580

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31580.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-31580

Aliases

Downstream

DEBIAN-CVE-2024-31580

UBUNTU-CVE-2024-31580

Published

2024-04-17T19:15:07.783Z

Modified

2025-11-15T20:00:50.843098Z

Severity

4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

References

Affected packages

Git / github.com/pytorch/pytorch

Affected ranges

Type: GIT
Repo: https://github.com/pytorch/pytorch
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b5c3a17c2c207ebefcb85043f0cf94be9b2fef81

Affected versions

Other

bc2caa7fdf006894eff7af936babde69ab5a40f8-huydhn-debug

ciflow/inductor/3b9a386

ciflow/inductor/3d4b92b

ciflow/inductor/d224ac7

ciflow/periodic/054a2fd

ciflow/periodic/2a6d37d

ciflow/periodic/317eeb8

ciflow/periodic/3c32

ciflow/periodic/3e98831

ciflow/periodic/94512-point

ciflow/periodic/csl/test87519

ciflow/periodic/csltest88275

ciflow/periodic/csltest88761

ciflow/periodic/sha-ec5b83

ciflow/slow/01c7106

ciflow/slow/0577043

ciflow/slow/0d5b74da0cab798fbfdb9caa53fad816999c8386-sdym

ciflow/slow/0e81104

ciflow/slow/1732077

ciflow/slow/187eb7c

ciflow/slow/1faef89

ciflow/slow/3920ec1

ciflow/slow/3b7c6b2

ciflow/slow/59a3759

ciflow/slow/70ef0bb

ciflow/slow/788ff06

ciflow/slow/8751002215790a3a88750faa8f4366933e296693-sdym

ciflow/slow/9d85864

ciflow/slow/9ffad5b

ciflow/slow/a206e8b

ciflow/slow/a837609

ciflow/slow/af841f3

ciflow/slow/da3aba1e46157c4df504b067477cdf2b3c96b194-sdym

ciflow/unstable/123

malfet/tag-2ef5611

malfet/tag-317b1a0

malfet/tag-ec6f767

nightly-binary

v0.*

v0.1.1

v0.1.10

v0.1.11

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v1.*

v1.0.0a0

v1.0rc0

v1.0rc1

v1.1.0a0

v1.2.0a0

v1.3.0a0

v1.4.0a0

v1.8.0-rc1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-31580-32e4346e",
        "source": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
        "target": {
            "function": "tupleConstruct",
            "file": "torch/csrc/jit/runtime/vararg_functions.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "function_hash": "177212597411118124202478742030508243218",
            "length": 1070.0
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2024-31580-65aa6a70",
        "source": "https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81",
        "target": {
            "file": "torch/csrc/jit/runtime/vararg_functions.cpp"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "122402175758227357894067518701770309718",
                "148624457286558011395772266585298619984",
                "264756394319484961386458264875539426314",
                "204288781394093359214353439803224706057"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    }
]