torch 2.7.1 vulnerabilities

Known vulnerabilities in the torch package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Mismatched Memory Management Routines torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Mismatched Memory Management Routines through the `torch.cuda.memory.caching_allocator_delete` function. An attacker can corrupt memory by manipulating the function locally. How to fix Mismatched Memory Management Routines? There is no fixed version for `torch`.	[0,)
M Out-of-bounds Write torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Out-of-bounds Write through the `torch.jit.jit_module_from_flatbuffer` function. An attacker can corrupt memory by manipulating the input data to this function. How to fix Out-of-bounds Write? There is no fixed version for `torch`.	[0,)
M Out-of-bounds Write torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Out-of-bounds Write when using `@torch.jit.script`. An attacker can corrupt memory by manipulating the function's input. Note: This is only exploitable if the attacker has local access to the system. How to fix Out-of-bounds Write? There is no fixed version for `torch`.	[0,)
M Out-of-bounds Write torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Out-of-bounds Write due to the `torch.lstm_cell` function. An attacker can corrupt memory by manipulating the function's input. Note: This is only exploitable if the attacker has local access to the system. How to fix Out-of-bounds Write? There is no fixed version for `torch`.	[0,)
M Buffer Overflow torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Buffer Overflow due to the `unpack_sequence` function. An attacker can corrupt memory by manipulating the function's input. This is only exploitable if the attacker has local access to the system. How to fix Buffer Overflow? There is no fixed version for `torch`.	[0,)
H Buffer Overflow torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Buffer Overflow through the `pad_packed_sequence` function in `nn/utils/rnn.py`. An attacker can corrupt memory by manipulating the internal state of the function. How to fix Buffer Overflow? There is no fixed version for `torch`.	[0,)
M Improper Resource Shutdown or Release torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the `torch.cuda.nccl.reduce` function in the file `torch/cuda/nccl.py`. An attacker can cause the application to crash by manipulating the function inputs on a local host. How to fix Improper Resource Shutdown or Release? A fix was pushed into the `master` branch but not yet published.	[0,)
M Improper Check for Unusual or Exceptional Conditions torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the `ctc_loss()` function in `LossCTC.cpp`, when running on a CUDA system. An attacker can cause the application to crash by passing in input with empty tensors. How to fix Improper Check for Unusual or Exceptional Conditions? A fix was pushed into the `master` branch but not yet published.	[0,)

Vulnerability

Vulnerable Version

Mismatched Memory Management Routines

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Mismatched Memory Management Routines through the torch.cuda.memory.caching_allocator_delete function. An attacker can corrupt memory by manipulating the function locally.

How to fix Mismatched Memory Management Routines?

There is no fixed version for torch.

[0,)

Out-of-bounds Write

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Out-of-bounds Write through the torch.jit.jit_module_from_flatbuffer function. An attacker can corrupt memory by manipulating the input data to this function.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)

Out-of-bounds Write

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Out-of-bounds Write when using @torch.jit.script. An attacker can corrupt memory by manipulating the function's input.

Note: This is only exploitable if the attacker has local access to the system.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)

Out-of-bounds Write

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Out-of-bounds Write due to the torch.lstm_cell function. An attacker can corrupt memory by manipulating the function's input.

Note: This is only exploitable if the attacker has local access to the system.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)

Buffer Overflow

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Buffer Overflow due to the unpack_sequence function. An attacker can corrupt memory by manipulating the function's input. This is only exploitable if the attacker has local access to the system.

How to fix Buffer Overflow?

There is no fixed version for torch.

[0,)

Buffer Overflow

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Buffer Overflow through the pad_packed_sequence function in nn/utils/rnn.py. An attacker can corrupt memory by manipulating the internal state of the function.

How to fix Buffer Overflow?

There is no fixed version for torch.

[0,)

Improper Resource Shutdown or Release

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the torch.cuda.nccl.reduce function in the file torch/cuda/nccl.py. An attacker can cause the application to crash by manipulating the function inputs on a local host.

How to fix Improper Resource Shutdown or Release?

A fix was pushed into the master branch but not yet published.

[0,)

Improper Check for Unusual or Exceptional Conditions

torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the ctc_loss() function in LossCTC.cpp, when running on a CUDA system. An attacker can cause the application to crash by passing in input with empty tensors.

How to fix Improper Check for Unusual or Exceptional Conditions?

A fix was pushed into the master branch but not yet published.

[0,)

torch@2.7.1 vulnerabilities

Tensors and Dynamic neural networks in Python with strong GPU acceleration

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

How to fix?