CVE-2025-2999
- EPSS 0.17%
- Veröffentlicht 31.03.2025 15:15:44
- Zuletzt bearbeitet 29.05.2025 15:53:46
A vulnerability was found in PyTorch 2.6.0. It has been rated as critical. Affected by this issue is the function torch.nn.utils.rnn.unpack_sequence. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has bee...
CVE-2025-2998
- EPSS 0.14%
- Veröffentlicht 31.03.2025 14:15:20
- Zuletzt bearbeitet 29.05.2025 15:53:57
A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach thi...
CVE-2024-48063
- EPSS 18.49%
- Veröffentlicht 29.10.2024 21:15:04
- Zuletzt bearbeitet 16.07.2025 00:25:40
In PyTorch <=2.4.1, the RemoteModule has Deserialization RCE. NOTE: this is disputed by multiple parties because this is intended behavior in PyTorch distributed computing.
CVE-2024-31584
- EPSS 0.08%
- Veröffentlicht 19.04.2024 21:15:08
- Zuletzt bearbeitet 03.06.2025 14:04:04
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVE-2024-31583
- EPSS 0.05%
- Veröffentlicht 17.04.2024 19:15:07
- Zuletzt bearbeitet 10.06.2025 01:33:43
Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
- EPSS 0.02%
- Veröffentlicht 17.04.2024 19:15:07
- Zuletzt bearbeitet 10.06.2025 17:38:16
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2022-45907
- EPSS 0.3%
- Veröffentlicht 26.11.2022 02:15:10
- Zuletzt bearbeitet 25.04.2025 20:15:37
In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.