ExecuTorch Heap Buffer Overflow Vulnerability Leading to Potential Code Execution
Vulnerability
A heap buffer overflow vulnerability has been identified in ExecuTorch, specifically in the model loading process. This vulnerability, present in versions prior to a specific commit, can potentially allow for code execution or other undesirable effects.
Impact
Exploiting this vulnerability triggers a heap buffer overflow, a class of bug that commonly allows arbitrary code execution or memory corruption.
Reproduction
The vulnerability can be reproduced by loading a crafted ExecuTorch model that exploits the buffer overflow in the 'et_copy_index' operation. This can be done by creating a tensor that is improperly sized, causing the 'copy_to' tensor to overflow when data is copied from the 'copy_from' tensor.
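The size checks whose absence makes the overflow described above possible, as an added example (this is not ExecuTorch's code or its actual fix). The `toy_tensor` type, the `copy_index_checked` function and the error codes are hypothetical simplifications; only the `copy_to` / `copy_from` names come from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical simplified tensor: dim0 slices of row_bytes each, backed by a
   heap buffer of `capacity` bytes. Not ExecuTorch's real Tensor type. */
typedef struct {
    uint8_t *data;
    size_t   capacity;   /* bytes actually allocated for data */
    size_t   dim0;       /* number of slices along dimension 0 */
    size_t   row_bytes;  /* bytes per slice */
} toy_tensor;

enum { COPY_OK = 0, COPY_BAD_SHAPE = -1, COPY_OUT_OF_RANGE = -2 };

/* Copies the single slice held by copy_from into slot `index` of copy_to.
   Every size originates in the untrusted model file, so each one is checked
   against the real allocation before memcpy runs. */
int copy_index_checked(toy_tensor *copy_to, const toy_tensor *copy_from,
                       size_t index)
{
    if (!copy_to || !copy_from || !copy_to->data || !copy_from->data)
        return COPY_BAD_SHAPE;
    /* The source must be exactly one destination-sized slice. */
    if (copy_from->dim0 != 1 || copy_from->row_bytes != copy_to->row_bytes)
        return COPY_BAD_SHAPE;
    /* The source's declared slice must fit in its own allocation. */
    if (copy_from->row_bytes > copy_from->capacity)
        return COPY_BAD_SHAPE;
    /* The destination's declared shape must fit in its allocation; the
       division form cannot overflow the way dim0 * row_bytes could. */
    if (copy_to->row_bytes != 0 &&
        copy_to->dim0 > copy_to->capacity / copy_to->row_bytes)
        return COPY_BAD_SHAPE;
    if (index >= copy_to->dim0)
        return COPY_OUT_OF_RANGE;
    /* index < dim0 <= capacity / row_bytes, so the offset stays in bounds. */
    memcpy(copy_to->data + index * copy_to->row_bytes,
           copy_from->data, copy_to->row_bytes);
    return COPY_OK;
}
```

A loader that rejects the model on any non-`COPY_OK` result fails closed instead of writing past the end of the `copy_to` buffer.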
Remediation
Users should update to the version of ExecuTorch that includes the commit fixing this vulnerability.
