AVID-2026-R1466
Description
Vulnerability CVE-2024-31580
Details
PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Reason for inclusion in AVID: CVE-2024-31580 is a vulnerability in PyTorch (an AI framework) causing a heap buffer overflow that leads to Denial of Service. PyTorch is a core component used to build, train, deploy, and serve general-purpose AI systems, making this a software supply-chain vulnerability in the AI stack. The report cites an NVD entry and repository commits, providing explicit evidence of the vulnerability and its context.
References
- NVD entry
- https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
- https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-04-17
- Version: 0.3.3
- AVID Entry