Homepage

torch@1.3.1 vulnerabilities

Tensors and Dynamic neural networks in Python with strong GPU acceleration

  • latest version

    2.6.0

  • first published

    6 years ago

  • latest version published

    2 months ago

  • licenses detected

  • View torch package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the torch package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Improper Check for Unusual or Exceptional Conditions

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the ctc_loss() function in LossCTC.cpp, when running on a CUDA system. An attacker can cause the application to crash by passing in input with empty tensors.

    How to fix Improper Check for Unusual or Exceptional Conditions?

    A fix was pushed into the master branch but not yet published.

    [0,)
    • M
    Improper Resource Shutdown or Release

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the torch.mkldnn_max_pool2d function. An attacker can disrupt service by exploiting this vulnerability locally and causing a Floating point exception crash.

    How to fix Improper Resource Shutdown or Release?

    There is no fixed version for torch.

    [0,)
    • H
    Heap-based Buffer Overflow

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the /runtime/vararg_functions.cpp component. An attacker can cause a crash or potentially execute arbitrary code by supplying crafted input.

    How to fix Heap-based Buffer Overflow?

    Upgrade torch to version 2.2.0 or higher.

    [,2.2.0)
    • H
    Use After Free

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Use After Free due to improper handling of memory in the interpreter.cpp component. An attacker can execute arbitrary code or cause a denial of service.

    How to fix Use After Free?

    Upgrade torch to version 2.2.0 or higher.

    [,2.2.0)
    • M
    Race Condition

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Race Condition in the database management. This occurred due to concurrent access to shared resources without adequate synchronization, causing unpredictable system behavior.

    How to fix Race Condition?

    Upgrade torch to version 1.13.0 or higher.

    [,1.13.0)
    • M
    Race Condition

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Race Condition in the torch.jit.annotations.parse_type_line function. This allowes simultaneous reading and writing the set of devices without synchronizing.

    How to fix Race Condition?

    Upgrade torch to version 1.10.0 or higher.

    [,1.10.0)
    • C
    Command Injection

    torch is a Tensors and Dynamic neural networks in Python with strong GPU acceleration

    Affected versions of this package are vulnerable to Command Injection in torch.jit.annotations.parse_type_line which can cause arbitrary code execution because eval is used unsafely.

    How to fix Command Injection?

    Upgrade torch to version 1.13.1 or higher.

    [0,1.13.1)
    Go back to all versions of this package