shaoyuyoung/CVE-public-1.txt

## CVE-public-1.txt
[CVE ID]
CVE-2025-46148
[Description]
torch.nn.PairwiseDistance outputs incorrect results via torch.compile, allowing attackers to make dangerous decisions by leveraging this vulnerability.
[Additional Information]
This vulnerability is labeled as high priority by pytorch community
[VulnerabilityType Other]
Incorrect Calculation
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
pytorch - <=2.7.0
[Affected Component]
torch inductor (a deep learning compiler of pytorch): https://github.com/pytorch/pytorch/tree/main/torch/_inductor
[Attack Type]
Remote
[CVE Impact Other]
Deep Learning model outputs incorrect results, making dangerous decisions
[Attack Vectors]
The hacker requested to compile the pytorch model using inductor, resulting in incorrect output results
[Reference]
https://github.com/pytorch/pytorch/issues/151198
https://github.com/pytorch/pytorch/pull/152993


[CVE ID]
CVE-2025-46149
[Description]
Buffer Overflow vulnerability in PyTorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to cause a denial of service via the torch.nn.Fold function
[Additional Information]
Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/147961) in the latest version of PyTorch.
[VulnerabilityType Other]
Buffer Overflow
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
PyTorch - Affected in v2.6.0. Fixed in v2.7.0
[Affected Component]
A PyTorch API: torch.nn.Fold
[Attack Type]
Local
[Impact Denial of Service]
true
[Attack Vectors]
Attackers request users to compile the PyTorch model. `torch.nn.Fold` will throw buffer overflow error after using torch.compile(). More details can be found in https://github.com/pytorch/pytorch/issues/147848
[Reference]
https://github.com/pytorch/pytorch/issues/147848
https://github.com/pytorch/pytorch/pull/147961


[CVE ID]
CVE-2025-46150
[Description]
An issue in pytorch v.2.6.0 allows a remote attacker to execute arbitrary code via the torch.nn.FractionalMaxPool2d component
[Additional Information]
Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/144395) in the latest version of PyTorch. They think this is a high-priority issue (https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658)
[VulnerabilityType Other]
incorrect calculation
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
PyTorch - Affected in v2.6.0. Fixed in v2.7.0
[Affected Component]
A PyTorch API: torch.nn.FractionalMaxPool2d
[Attack Type]
Remote
[CVE Impact Other]
silent incorrectness
[Attack Vectors]
Attackers request users to compile the PyTorch model. `torch.nn.FractionalMaxPool2d` will output incorrect results after using torch.compile(). More details can be found in https://github.com/pytorch/pytorch/issues/141538
[Reference]
https://github.com/pytorch/pytorch/issues/141538
https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658
https://github.com/pytorch/pytorch/pull/144395


[CVE ID]
CVE-2025-46152
[Description]
An issue in pytorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to make dangerous decisions via the torch.bitwise_right_shift component
[Additional Information]
Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/143635) in the latest version of PyTorch. This issue is labeled as high priority.
[VulnerabilityType Other]
incorrect calculation
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
PyTorch - Affected in v2.6.0. Fixed in v2.7.0
[Affected Component]
A PyTorch API: torch.bitwise_right_shift
[Attack Type]
Remote
[Attack Type Other]
silent incorrectness
[CVE Impact Other]
silent incorrectness
[Attack Vectors]
Attackers request users to compile the PyTorch model. `torch.bitwise_right_shift` will output incorrect results after using torch.compile() even if set config.fallback_random = True. More details can be found in https://github.com/pytorch/pytorch/issues/143555
[Reference]
https://github.com/pytorch/pytorch/issues/143555
https://github.com/pytorch/pytorch/pull/143635


[CVE ID]
CVE-2025-46153
[Description]
An issue in pytorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to execute arbitrary code via the torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d components
[Additional Information]
Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/143460) in the latest version of PyTorch.
[VulnerabilityType Other]
Incorrect Calculation
[Vendor of Product]
https://github.com/pytorch/pytorch
[Affected Product Code Base]
PyTorch - Affected in v2.6.0. Fixed in v2.7.0
[Affected Component]
PyTorch APIs: torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d
[Attack Type]
Remote
[Attack Vectors]
Attackers request users to compile the PyTorch model. `torch.nn.Dropout1d` will output incorrect results after using torch.compile() even if set config.fallback_random = True. More details can be found in https://github.com/pytorch/pytorch/issues/142853
[Reference]
https://github.com/pytorch/pytorch/issues/142853
https://github.com/pytorch/pytorch/pull/143460
	[CVE ID]
	CVE-2025-46148
	[Description]
	torch.nn.PairwiseDistance outputs incorrect results via torch.compile, allowing attackers to make dangerous decisions by leveraging this vulnerability.
	[Additional Information]
	This vulnerability is labeled as high priority by pytorch community
	[VulnerabilityType Other]
	Incorrect Calculation
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	pytorch - <=2.7.0
	[Affected Component]
	torch inductor (a deep learning compiler of pytorch): https://github.com/pytorch/pytorch/tree/main/torch/_inductor
	[Attack Type]
	Remote
	[CVE Impact Other]
	Deep Learning model outputs incorrect results, making dangerous decisions
	[Attack Vectors]
	The hacker requested to compile the pytorch model using inductor, resulting in incorrect output results
	[Reference]
	https://github.com/pytorch/pytorch/issues/151198
	https://github.com/pytorch/pytorch/pull/152993



	[CVE ID]
	CVE-2025-46149
	[Description]
	Buffer Overflow vulnerability in PyTorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to cause a denial of service via the torch.nn.Fold function
	[Additional Information]
	Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/147961) in the latest version of PyTorch.
	[VulnerabilityType Other]
	Buffer Overflow
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	PyTorch - Affected in v2.6.0. Fixed in v2.7.0
	[Affected Component]
	A PyTorch API: torch.nn.Fold
	[Attack Type]
	Local
	[Impact Denial of Service]
	true
	[Attack Vectors]
	Attackers request users to compile the PyTorch model. `torch.nn.Fold` will throw buffer overflow error after using torch.compile(). More details can be found in https://github.com/pytorch/pytorch/issues/147848
	[Reference]
	https://github.com/pytorch/pytorch/issues/147848
	https://github.com/pytorch/pytorch/pull/147961



	[CVE ID]
	CVE-2025-46150
	[Description]
	An issue in pytorch v.2.6.0 allows a remote attacker to execute arbitrary code via the torch.nn.FractionalMaxPool2d component
	[Additional Information]
	Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/144395) in the latest version of PyTorch. They think this is a high-priority issue (https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658)
	[VulnerabilityType Other]
	incorrect calculation
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	PyTorch - Affected in v2.6.0. Fixed in v2.7.0
	[Affected Component]
	A PyTorch API: torch.nn.FractionalMaxPool2d
	[Attack Type]
	Remote
	[CVE Impact Other]
	silent incorrectness
	[Attack Vectors]
	Attackers request users to compile the PyTorch model. `torch.nn.FractionalMaxPool2d` will output incorrect results after using torch.compile(). More details can be found in https://github.com/pytorch/pytorch/issues/141538
	[Reference]
	https://github.com/pytorch/pytorch/issues/141538
	https://github.com/pytorch/pytorch/issues/141538#issuecomment-2537424658
	https://github.com/pytorch/pytorch/pull/144395



	[CVE ID]
	CVE-2025-46152
	[Description]
	An issue in pytorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to make dangerous decisions via the torch.bitwise_right_shift component
	[Additional Information]
	Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/143635) in the latest version of PyTorch. This issue is labeled as high priority.
	[VulnerabilityType Other]
	incorrect calculation
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	PyTorch - Affected in v2.6.0. Fixed in v2.7.0
	[Affected Component]
	A PyTorch API: torch.bitwise_right_shift
	[Attack Type]
	Remote
	[Attack Type Other]
	silent incorrectness
	[CVE Impact Other]
	silent incorrectness
	[Attack Vectors]
	Attackers request users to compile the PyTorch model. `torch.bitwise_right_shift` will output incorrect results after using torch.compile() even if set config.fallback_random = True. More details can be found in https://github.com/pytorch/pytorch/issues/143555
	[Reference]
	https://github.com/pytorch/pytorch/issues/143555
	https://github.com/pytorch/pytorch/pull/143635



	[CVE ID]
	CVE-2025-46153
	[Description]
	An issue in pytorch v.2.6.0 and fixed in v.2.7.0 allows a remote attacker to execute arbitrary code via the torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d components
	[Additional Information]
	Developers in PyTorch community have confirmed this vulnerability and fixed it (https://github.com/pytorch/pytorch/pull/143460) in the latest version of PyTorch.
	[VulnerabilityType Other]
	Incorrect Calculation
	[Vendor of Product]
	https://github.com/pytorch/pytorch
	[Affected Product Code Base]
	PyTorch - Affected in v2.6.0. Fixed in v2.7.0
	[Affected Component]
	PyTorch APIs: torch.nn.Dropout1d, torch.nn.Dropout2d, and torch.nn.Dropout3d
	[Attack Type]
	Remote
	[Attack Vectors]
	Attackers request users to compile the PyTorch model. `torch.nn.Dropout1d` will output incorrect results after using torch.compile() even if set config.fallback_random = True. More details can be found in https://github.com/pytorch/pytorch/issues/142853
	[Reference]
	https://github.com/pytorch/pytorch/issues/142853
	https://github.com/pytorch/pytorch/pull/143460
No results found