{"id":"PYSEC-2024-252","details":"PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.","aliases":["BIT-pytorch-2024-31580","CVE-2024-31580","GHSA-5pcm-hx3q-hm94"],"modified":"2025-06-11T06:29:31.189342Z","published":"2024-04-17T19:15:07Z","references":[{"type":"FIX","url":"https://github.com/pytorch/pytorch/commit/b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"},{"type":"WEB","url":"https://gist.github.com/1047524396/038c78f2f007345e6f497698ace2aa3d"}],"affected":[{"package":{"name":"torch","ecosystem":"PyPI","purl":"pkg:pypi/torch"},"ranges":[{"type":"GIT","repo":"https://github.com/pytorch/pytorch","events":[{"introduced":"0"},{"fixed":"b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"},{"fixed":"b5c3a17c2c207ebefcb85043f0cf94be9b2fef81"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0"}]}],"versions":["1.0.0","1.0.1","1.1.0","1.10.0","1.10.1","1.10.2","1.11.0","1.12.0","1.12.1","1.13.0","1.13.1","1.2.0","1.3.0","1.3.1","1.4.0","1.5.0","1.5.1","1.6.0","1.7.0","1.7.1","1.8.0","1.8.1","1.9.0","1.9.1","2.0.0","2.0.1","2.1.0","2.1.1","2.1.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/torch/PYSEC-2024-252.yaml"}}],"schema_version":"1.7.3"}