PyTorch Buffer Overflow Vulnerability in nn.Fold Component Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in PyTorch versions prior to 2.7.0, specifically when the inductor compiler is used. This vulnerability occurs in the nn.Fold function, where an assertion error is thrown, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by triggering a buffer overflow error in the nn.Fold function.

Reproduction

The vulnerability can be reproduced by using the inductor backend to compile a PyTorch model that includes the nn.Fold component. Compilation then throws an assertion error indicating a buffer overflow.

Remediation

Users can upgrade to PyTorch version 2.7.0 or later, where this vulnerability has been fixed.
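A pre-deployment check in the spirit of the remediation above, added here as an example and not taken from the advisory or the PyTorch project: it parses the installed torch version string, flags anything prior to 2.7.0 (including rc and dev builds of 2.7.0), and scans a model for nn.Fold submodules before inductor compilation is allowed. The Fold and StubModel classes are constructed stand-ins assumed for offline use; with torch installed you would pass a real nn.Module and torch.__version__.

```python
import re
from typing import List

FIXED_VERSION = (2, 7, 0)  # the advisory says versions prior to 2.7.0 are affected

# Covers the version forms PyTorch ships: "2.6.0+cu124", "2.7.0rc1",
# "2.7.0.dev20250301", "2.7.1". The local label (+...) is ignored.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)"        # release segment
    r"(?:(a|b|rc)(\d+))?"          # optional pre-release
    r"(?:\.dev(\d+))?"             # optional dev suffix
    r"(?:\+[0-9A-Za-z.]+)?$"       # optional local label
)

def is_affected(version: str) -> bool:
    """True if `version` sorts before the fixed 2.7.0 release."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised torch version: {version!r}")
    release = tuple(int(x) for x in m.group(1, 2, 3))
    prerelease = m.group(4) is not None or m.group(6) is not None
    # rc/dev builds of 2.7.0 still precede the 2.7.0 release itself.
    return release < FIXED_VERSION or (release == FIXED_VERSION and prerelease)

def fold_module_paths(model) -> List[str]:
    """Dotted names of submodules whose class is Fold. Duck-typed on
    named_modules(), so it accepts torch.nn.Module or the stub below."""
    return [name or "<root>" for name, mod in model.named_modules()
            if type(mod).__name__ == "Fold"]

def safe_to_compile(model, torch_version: str) -> bool:
    """Gate for torch.compile(backend="inductor"): refuse only when an
    nn.Fold is present AND the installed version is affected."""
    return not (is_affected(torch_version) and fold_module_paths(model))

# Constructed stand-ins (hypothetical) so the check runs without torch;
# real callers pass a torch.nn.Module and torch.__version__.
class Fold:  # stand-in for torch.nn.Fold
    pass

class StubModel:
    def __init__(self, **mods):
        self._mods = mods

    def named_modules(self):
        yield "", self  # torch yields the root module first
        yield from self._mods.items()
```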

Added: Sep 25, 2025, 3:23 PM
Updated: Sep 25, 2025, 7:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 4.8
remediation: 7.7
relevance: 0.5
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.