CVE-2024-31580

Publication date 17 April 2024

Last updated 24 July 2024

Ubuntu priority

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pytorch	24.10 oracular	Needs evaluation
	24.04 LTS noble	Not in release
	23.10 mantic	Ignored end of life, was needs-triage
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2024-31580
https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81
https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d