HIGH 7.5

PYSEC-2025-189

상세

A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / torch

최초 영향 버전: 0

No fixed version published yet for torch (pip). Pin to a known-safe version or switch to an alternative.

참고

https://vuldb.com/?id.299059 [ADVISORY]
https://vuldb.com/?submit.505959 [ADVISORY]
https://github.com/pytorch/pytorch/issues/147722 [REPORT]
https://vuldb.com/?ctiid.299059 [REPORT]