shaoyuyoung/CVE-public-2.txt

## CVE-public-2.txt
[CVE ID]
CVE-2025-55551
[Description]
An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
[Additional Information]
This issue was labeled as high priority by pytorch community.
[VulnerabilityType Other]
Type Error
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.8.0
[Affected Component]
a PyTorch API: `torch.linalg.lu`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.linalg.lu` with inductor, which can result in a system crash, causing Denial of Service.
[Reference]
https://github.com/pytorch/pytorch/issues/151401


[CVE ID]
CVE-2025-55552
[Description]
pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
[Additional Information]
This issue was labeled as high priority by the PyTorch community.
[VulnerabilityType Other]
Incorrect calculation
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - version - <=2.8.0
[Affected Component]
a combination of PyTorch APIs: `torch.rot90` and `torch.randn_like`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[CVE Impact Other]
Silent Incorrectness
[Attack Vectors]
The hacker requested to compile the pytorch model consisting of  `torch.rot90` and `torch.randn_like` with inductor, which can result in incorrect output results.
[Reference]
https://github.com/pytorch/pytorch/issues/147847


[CVE ID]
CVE-2025-55553
[Description]
A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
[Additional Information]
This issue was labeled as high priority by PyTorch community. This vulnerability is fixed in the latest PyTorch version (https://github.com/pytorch/pytorch/pull/154645)
[VulnerabilityType Other]
Syntax Error
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.7.0
[Affected Component]
a PyTorch API: `torch.Tensor.random_()`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.Tensor.random_()` with inductor, which can result in a Syntax Error, causing Denial of Service.
[Reference]
https://github.com/pytorch/pytorch/issues/151432
https://github.com/pytorch/pytorch/pull/154645


[CVE ID]
CVE-2025-55554
[Description]
pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
[Vulnerability Type]
Integer Overflow
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.8.0
[Affected Component]
a combination of PyTorch APIs: `torch.nan_to_num` and `.long()`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[CVE Impact Other]
Silent Incorrectness
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.nan_to_num` and `.long()` with inductor, which can result in Integer Overflow when meeting `inf` input, causing Incorrect calculation.
[Reference]
https://github.com/pytorch/pytorch/issues/151510


[CVE ID]
CVE-2025-55556
[Description]
TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
[Additional Information]
TensorFlow community has confirmed this vulnerability.
[Vulnerability Type Other]
Incorrect calculation
[Vendor of Product]
https://github.com/tensorflow/tensorflow
[Affected Product Code Base]
TensorFlow - version - <=2.18.0
[Affected Component]
a  TensorFlow  API: `tf.keras.layers.Embedding`
TensorFlow compiler: XLA (https://github.com/tensorflow/tensorflow/tree/master/tensorflow/compiler/tf2xla)
[Attack Type]
Remote
[CVE Impact Other]
Silent Incorrectness
[Attack Vectors]
The hacker requested to compile the TensorFlow model consisting of `tf.keras.layers.Embedding` with XLA, which can result in silent incorrectness, causing the TensorFlow model to make wrong or dangerous decisions.
[Reference]
https://github.com/tensorflow/tensorflow/issues/82317


[CVE ID]
CVE-2025-55557
[Description]
A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
[Additional Information]
This issue was labeled as high priority by pytorch community. This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151931)
[Vulnerability Type Other]
Name Error
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.7.0
[Affected Component]
a  PyTorch API: `torch.cummin`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.cummin` with inductor, which can result in Name Error, causing Denial of Service.
[Reference]
https://github.com/pytorch/pytorch/issues/151738
https://github.com/pytorch/pytorch/pull/151931


[CVE ID]
CVE-2025-55558
[Description]
A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
[Additional Information]
This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151887)
[Vulnerability Type]
Buffer Overflow
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.7.0
[Affected Component]
a combination of PyTorch APIs: `torch.nn.Conv2d`, `torch.nn.functional.hardshrink` and `torch.Tensor.view-torch.mv()`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.nn.Conv2d`, `torch.nn.functional.hardshrink`, and `torch.Tensor.view-torch.mv()` with inductor, which can result in Buffer Overflow, causing Denial of Service.
[Reference]
https://github.com/pytorch/pytorch/issues/151523
https://github.com/pytorch/pytorch/pull/151887


[CVE ID]
CVE-2025-55559
[Description]
An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
[Additional Information]
TensorFlow community has confirmed this vulnerability.
[Vulnerability Type Other]
Runtime Error
[Vendor of Product]
https://github.com/tensorflow/tensorflow
[Affected Product Code Base]
TensorFlow - version - <=2.18.0
[Affected Component]
a  TensorFlow  API: `tf.keras.layers.Conv2D`
TensorFlow compiler: XLA (https://github.com/tensorflow/tensorflow/tree/master/tensorflow/compiler/tf2xla)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to change the parameter `padding='valid'` of `tf.keras.layers.Conv2D`, which is compiled by XLA. In such a case, `tf.keras.layers.Conv2D` will throw a runtime error because it receives a negative dimension size.
[Reference]
https://github.com/tensorflow/tensorflow/issues/84205


[CVE ID]
CVE-2025-55560
[Description]
An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
[Additional Information]
This issue was labeled as high priority by pytorch community. This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151897)
[Vulnerability Type]
Not Implemented Error
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.7.0
[Affected Component]
a combination of PyTorch APIs: `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()`
PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
[Attack Type]
Remote
[Impact Denial of Service]
true
[Attack Vectors]
The hacker requested to compile the PyTorch model consisting of `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()` with inductor, which can result in Not Implemented Error, causing Denial of Service.
[Reference]
https://github.com/pytorch/pytorch/issues/151522
https://github.com/pytorch/pytorch/pull/151897
	[CVE ID]
	CVE-2025-55551
	[Description]
	An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
	[Additional Information]
	This issue was labeled as high priority by pytorch community.
	[VulnerabilityType Other]
	Type Error
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.8.0
	[Affected Component]
	a PyTorch API: `torch.linalg.lu`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.linalg.lu` with inductor, which can result in a system crash, causing Denial of Service.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151401


	[CVE ID]
	CVE-2025-55552
	[Description]
	pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
	[Additional Information]
	This issue was labeled as high priority by the PyTorch community.
	[VulnerabilityType Other]
	Incorrect calculation
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - version - <=2.8.0
	[Affected Component]
	a combination of PyTorch APIs: `torch.rot90` and `torch.randn_like`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[CVE Impact Other]
	Silent Incorrectness
	[Attack Vectors]
	The hacker requested to compile the pytorch model consisting of `torch.rot90` and `torch.randn_like` with inductor, which can result in incorrect output results.
	[Reference]
	https://github.com/pytorch/pytorch/issues/147847



	[CVE ID]
	CVE-2025-55553
	[Description]
	A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
	[Additional Information]
	This issue was labeled as high priority by PyTorch community. This vulnerability is fixed in the latest PyTorch version (https://github.com/pytorch/pytorch/pull/154645)
	[VulnerabilityType Other]
	Syntax Error
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.7.0
	[Affected Component]
	a PyTorch API: `torch.Tensor.random_()`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.Tensor.random_()` with inductor, which can result in a Syntax Error, causing Denial of Service.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151432
	https://github.com/pytorch/pytorch/pull/154645



	[CVE ID]
	CVE-2025-55554
	[Description]
	pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
	[Vulnerability Type]
	Integer Overflow
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.8.0
	[Affected Component]
	a combination of PyTorch APIs: `torch.nan_to_num` and `.long()`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[CVE Impact Other]
	Silent Incorrectness
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.nan_to_num` and `.long()` with inductor, which can result in Integer Overflow when meeting `inf` input, causing Incorrect calculation.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151510



	[CVE ID]
	CVE-2025-55556
	[Description]
	TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
	[Additional Information]
	TensorFlow community has confirmed this vulnerability.
	[Vulnerability Type Other]
	Incorrect calculation
	[Vendor of Product]
	https://github.com/tensorflow/tensorflow
	[Affected Product Code Base]
	TensorFlow - version - <=2.18.0
	[Affected Component]
	a TensorFlow API: `tf.keras.layers.Embedding`
	TensorFlow compiler: XLA (https://github.com/tensorflow/tensorflow/tree/master/tensorflow/compiler/tf2xla)
	[Attack Type]
	Remote
	[CVE Impact Other]
	Silent Incorrectness
	[Attack Vectors]
	The hacker requested to compile the TensorFlow model consisting of `tf.keras.layers.Embedding` with XLA, which can result in silent incorrectness, causing the TensorFlow model to make wrong or dangerous decisions.
	[Reference]
	https://github.com/tensorflow/tensorflow/issues/82317



	[CVE ID]
	CVE-2025-55557
	[Description]
	A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
	[Additional Information]
	This issue was labeled as high priority by pytorch community. This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151931)
	[Vulnerability Type Other]
	Name Error
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.7.0
	[Affected Component]
	a PyTorch API: `torch.cummin`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.cummin` with inductor, which can result in Name Error, causing Denial of Service.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151738
	https://github.com/pytorch/pytorch/pull/151931



	[CVE ID]
	CVE-2025-55558
	[Description]
	A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS).
	[Additional Information]
	This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151887)
	[Vulnerability Type]
	Buffer Overflow
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.7.0
	[Affected Component]
	a combination of PyTorch APIs: `torch.nn.Conv2d`, `torch.nn.functional.hardshrink` and `torch.Tensor.view-torch.mv()`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.nn.Conv2d`, `torch.nn.functional.hardshrink`, and `torch.Tensor.view-torch.mv()` with inductor, which can result in Buffer Overflow, causing Denial of Service.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151523
	https://github.com/pytorch/pytorch/pull/151887



	[CVE ID]
	CVE-2025-55559
	[Description]
	An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
	[Additional Information]
	TensorFlow community has confirmed this vulnerability.
	[Vulnerability Type Other]
	Runtime Error
	[Vendor of Product]
	https://github.com/tensorflow/tensorflow
	[Affected Product Code Base]
	TensorFlow - version - <=2.18.0
	[Affected Component]
	a TensorFlow API: `tf.keras.layers.Conv2D`
	TensorFlow compiler: XLA (https://github.com/tensorflow/tensorflow/tree/master/tensorflow/compiler/tf2xla)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to change the parameter `padding='valid'` of `tf.keras.layers.Conv2D`, which is compiled by XLA. In such a case, `tf.keras.layers.Conv2D` will throw a runtime error because it receives a negative dimension size.
	[Reference]
	https://github.com/tensorflow/tensorflow/issues/84205



	[CVE ID]
	CVE-2025-55560
	[Description]
	An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
	[Additional Information]
	This issue was labeled as high priority by pytorch community. This vulnerability is fixed in the latest pytorch version (https://github.com/pytorch/pytorch/pull/151897)
	[Vulnerability Type]
	Not Implemented Error
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.7.0
	[Affected Component]
	a combination of PyTorch APIs: `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()`
	PyTorch compiler: Inductor (https://github.com/pytorch/pytorch/tree/main/torch/_inductor)
	[Attack Type]
	Remote
	[Impact Denial of Service]
	true
	[Attack Vectors]
	The hacker requested to compile the PyTorch model consisting of `torch.Tensor.to_sparse()` and `torch.Tensor.to_dense()` with inductor, which can result in Not Implemented Error, causing Denial of Service.
	[Reference]
	https://github.com/pytorch/pytorch/issues/151522
	https://github.com/pytorch/pytorch/pull/151897
No results found