Security context
UnratedPYSEC-2024-250 CVE-2024-31584Published Apr 19, 2024

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

0 → fixed in 2.2.0

Details

Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.

The fix

Fix for PyTorch mobile flatbuffer loader out of bounds reads

Andrew Calvano· Nov 17, 2023, 05:29 PM+117c35874ad6
torch/csrc/jit/mobile/flatbuffer_loader.cpp+1 1
@@ -302,7 +302,7 @@ mobile::Module FlatbufferLoader::parseModule(
storage_loaded_.resize(module->storage_data_size(), false);
mobile_ivalue_size_ = module_->mobile_ivalue_size();
- if (mobile_ivalue_size_ == 0) {
+ if (mobile_ivalue_size_ == 0 || mobile_ivalue_size_ > ivalues->size()) {
mobile_ivalue_size_ = ivalues->size();
}

References