Security context
UnratedPYSEC-2024-252 CVE-2024-31580Published Apr 17, 2024

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (D

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

0 → fixed in 2.2.0

Details

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

The fix

[fuzzing result][fuzz_torch_jit_lite_interpreter]

Octavian Guzu· Oct 3, 2023, 06:48 PM+30b5c3a17c2c
torch/csrc/jit/runtime/vararg_functions.cpp+3 0
@@ -267,6 +267,9 @@ void listUnpack(Stack& stack, size_t num_outputs) {
}
void tupleConstruct(Stack& stack, size_t num_inputs) {
+ if (num_inputs > stack.size()) {
+ TORCH_CHECK(false, "Invalid number of inputs: ", num_inputs);
+ }
switch (num_inputs) {
case 0:
stack.emplace_back(c10::ivalue::Tuple::create());

References