ExecuTorch Heap Buffer Overflow Vulnerability Allowing Runtime Crash and Potential Code Execution

Vulnerability

A heap-buffer-overflow vulnerability has been identified in ExecuTorch, specifically in the method loading process. This vulnerability can lead to a runtime crash and may allow for code execution or other negative effects. It affects ExecuTorch versions prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f.

Impact

Exploitation of this vulnerability can cause a heap buffer overflow, leading to a runtime crash and potentially allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by loading ExecuTorch methods that include tensor sizes designed to cause an overflow when processed. This can be done by creating a 'TensorInfo' object with sizes that exceed the maximum limit, which will trigger the buffer overflow during method execution.
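As an added defensive illustration (not ExecuTorch's own code, and not the project's fix), the check below shows how a loader can validate tensor sizes read from an untrusted program file before allocating or copying: the element count is computed with overflow-checked multiplication and the resulting byte size is compared against the destination buffer, so a declared size can never exceed what was actually allocated. The limits MAX_DIMS and MAX_TENSOR_BYTES and all function names are assumptions for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Assumed limits for this example; they are not ExecuTorch's values. */
#define MAX_DIMS 16
#define MAX_TENSOR_BYTES (256u * 1024u * 1024u)

enum size_check { SIZE_OK = 0, SIZE_BAD_RANK, SIZE_NEGATIVE, SIZE_OVERFLOW, SIZE_TOO_LARGE };

/* Compute elem_size * prod(sizes) into *nbytes_out, rejecting negative dims,
 * rank above MAX_DIMS, arithmetic overflow and totals above MAX_TENSOR_BYTES.
 * sizes come from an untrusted file, so every value is treated as hostile. */
enum size_check checked_tensor_nbytes(const int32_t *sizes, size_t ndim,
                                      size_t elem_size, size_t *nbytes_out) {
    if (ndim > MAX_DIMS) return SIZE_BAD_RANK;
    size_t total = elem_size;
    for (size_t i = 0; i < ndim; i++) {
        if (sizes[i] < 0) return SIZE_NEGATIVE;
        /* __builtin_mul_overflow (GCC/Clang) reports wrap-around instead of silently truncating. */
        if (__builtin_mul_overflow(total, (size_t)sizes[i], &total)) return SIZE_OVERFLOW;
    }
    if (total > MAX_TENSOR_BYTES) return SIZE_TOO_LARGE;
    *nbytes_out = total;
    return SIZE_OK;
}

/* Copy tensor payload into dst only after the declared size has been validated
 * against both the available source bytes and the capacity of dst. */
bool safe_load_tensor(const int32_t *sizes, size_t ndim, size_t elem_size,
                      const uint8_t *src, size_t src_len,
                      uint8_t *dst, size_t dst_cap) {
    size_t nbytes;
    if (checked_tensor_nbytes(sizes, ndim, elem_size, &nbytes) != SIZE_OK) return false;
    if (nbytes > src_len || nbytes > dst_cap) return false;  /* would otherwise overrun dst */
    memcpy(dst, src, nbytes);
    return true;
}
```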

Remediation

Users can update to the latest version of ExecuTorch, which includes the necessary fix for this vulnerability.

Added: Jul 11, 2025, 6:34 PM
Updated: Jul 11, 2025, 7:33 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.