torch@2.9.1 vulnerabilities

Tensors and Dynamic neural networks in Python with strong GPU acceleration

Direct Vulnerabilities

Known vulnerabilities in the torch package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Denial of Service (DoS)

torch is a package providing tensors and dynamic neural networks in Python with strong GPU acceleration.

Affected versions of this package are vulnerable to Denial of Service (DoS) because profiler.stop is not called during the finalization process. An attacker can cause the application to crash or hang by triggering code paths that utilize the profiling functionality without proper termination.

How to fix Denial of Service (DoS)?

There is no fixed version for torch.

[0,)
  • L
Always-Incorrect Control Flow Implementation

Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation when compiling a model that uses the torch.rot90() and torch.randn_like() functions with backend="aot_eager_decomp_partition". An attacker can cause unexpected behavior or potentially manipulate outputs by crafting inputs that trigger the interaction between these functions.

How to fix Always-Incorrect Control Flow Implementation?

There is no fixed version for torch.

[0,)
  • M
Integer Overflow or Wraparound

Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the torch.nan_to_num() function when used with .long() to convert float("inf") in eager mode. An attacker can cause unexpected behavior by providing specially crafted input that triggers an integer overflow.

How to fix Integer Overflow or Wraparound?

There is no fixed version for torch.

[0,)
  • L
Reachable Assertion

Affected versions of this package are vulnerable to Reachable Assertion in the torch.linalg.lu() function. In AOTAutograd mode, LU decomposition can't accept a slice operation, and an attacker can cause the application to become unresponsive or crash if backend="aot_eager" by providing specially crafted input.

Note: The issue does not affect compilers that are set with backend="eager".

How to fix Reachable Assertion?

There is no fixed version for torch.

[0,)
  • M
Mismatched Memory Management Routines

Affected versions of this package are vulnerable to Mismatched Memory Management Routines through the torch.cuda.memory.caching_allocator_delete function. An attacker can corrupt memory by manipulating the function locally.

How to fix Mismatched Memory Management Routines?

There is no fixed version for torch.

[0,)
  • M
Out-of-bounds Write

Affected versions of this package are vulnerable to Out-of-bounds Write through the torch.jit.jit_module_from_flatbuffer function. An attacker can corrupt memory by manipulating the input data to this function.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)
  • M
Out-of-bounds Write

Affected versions of this package are vulnerable to Out-of-bounds Write when using @torch.jit.script. An attacker can corrupt memory by manipulating the function's input.

Note: This is only exploitable if the attacker has local access to the system.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)
  • M
Out-of-bounds Write

Affected versions of this package are vulnerable to Out-of-bounds Write in the torch.lstm_cell function. An attacker can corrupt memory by manipulating the function's input.

Note: This is only exploitable if the attacker has local access to the system.

How to fix Out-of-bounds Write?

There is no fixed version for torch.

[0,)
  • M
Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow in the unpack_sequence function. An attacker can corrupt memory by manipulating the function's input. This is only exploitable if the attacker has local access to the system.

How to fix Buffer Overflow?

There is no fixed version for torch.

[0,)
  • H
Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow through the pad_packed_sequence function in nn/utils/rnn.py. An attacker can corrupt memory by manipulating the internal state of the function.

How to fix Buffer Overflow?

A fix was pushed into the master branch but not yet published.

[0,)
  • M
Improper Resource Shutdown or Release

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release through the torch.cuda.nccl.reduce function in the file torch/cuda/nccl.py. An attacker can cause the application to crash by manipulating the function inputs on a local host.

How to fix Improper Resource Shutdown or Release?

A fix was pushed into the master branch but not yet published.

[0,)