{"data":{"id":"78f68875-3d79-438f-9f36-74b64dcc2a1e","title":"CVE-2024-31584: Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.","summary":"PyTorch versions before 2.2.0 contain an out-of-bounds read vulnerability (a bug where code tries to read data from memory outside its allowed range) in the flatbuffer_loader component, which is used for loading machine learning models on mobile devices. This vulnerability could potentially allow attackers to read sensitive information from memory or cause the program to crash.","solution":"Upgrade to PyTorch version 2.2.0 or later. A patch is available at https://github.com/pytorch/pytorch/commit/7c35874ad664e74c8e4252d67521f3986eadb0e6.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-31584","publishedAt":"2024-04-20T01:15:08.080Z","cveId":"CVE-2024-31584","cweIds":["CWE-125"],"cvssScore":"5.5","cvssSeverity":"medium","severity":"medium","attackType":[],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Meta"],"affectedVendorsRaw":["PyTorch"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00077,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-540"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}