GHSA-5pcm-hx3q-hm94

GitHub Security Advisory

PyTorch heap buffer overflow vulnerability

✓ GitHub Reviewed · HIGH · Has CVE

Advisory Details

PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

Affected Packages

PyPI torch
Affected versions: all versions before 2.2.0 (fixed in 2.2.0)

Key Information

GHSA ID: GHSA-5pcm-hx3q-hm94
Published: April 17, 2024 9:30 PM
Last Modified: June 11, 2025 1:39 PM
CVSS Score: 7.5/10
Primary Ecosystem: PyPI
Primary Package: torch
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.