8.8 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files
PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution. Version 2.10.0 fixes the issue.
References
- https://github.com/pytorch/pytorch/issues/163105 x_refsource_MISC
- https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139 x_refsource_MISC
- https://github.com/pytorch/pytorch/releases/tag/v2.10.0 x_refsource_MISC
- https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p x_refsource_CONFIRM
- https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p x_refsource_CONFIRM
- https://github.com/pytorch/pytorch/issues/163105 x_refsource_MISC
- https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139 x_refsource_MISC
- https://github.com/pytorch/pytorch/releases/tag/v2.10.0 x_refsource_MISC
- https://github.com/pytorch/pytorch/releases/tag/v2.10.0 x_refsource_MISC
- https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p x_refsource_CONFIRM
- https://github.com/pytorch/pytorch/issues/163105 x_refsource_MISC
- https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139 x_refsource_MISC
Affected products
- ==< 2.10.0
Matching in nixpkgs
pkgs.python312Packages.gpytorch
Highly efficient and modular implementation of Gaussian Processes, with GPU acceleration
pkgs.python313Packages.gpytorch
Highly efficient and modular implementation of Gaussian Processes, with GPU acceleration
pkgs.python312Packages.pytorch3d
FAIR's library of reusable components for deep learning with 3D data
-
nixos-unstable pytorch3d-0.7.8
- nixpkgs-unstable pytorch3d-0.7.8
- nixos-unstable-small pytorch3d-0.7.8
pkgs.python313Packages.pytorch3d
FAIR's library of reusable components for deep learning with 3D data
-
nixos-unstable pytorch3d-0.7.8
- nixpkgs-unstable pytorch3d-0.7.8
- nixos-unstable-small pytorch3d-0.7.8
pkgs.python312Packages.pytorchviz
Small package to create visualizations of PyTorch execution graphs
-
nixos-unstable 0.0.2-unstable-2024-12-30
- nixpkgs-unstable 0.0.2-unstable-2024-12-30
- nixos-unstable-small 0.0.2-unstable-2024-12-30
pkgs.python313Packages.pytorchviz
Small package to create visualizations of PyTorch execution graphs
-
nixos-unstable 0.0.2-unstable-2024-12-30
- nixpkgs-unstable 0.0.2-unstable-2024-12-30
- nixos-unstable-small 0.0.2-unstable-2024-12-30
pkgs.python312Packages.lion-pytorch
Optimizer tuned by Google Brain using genetic algorithms
pkgs.python313Packages.lion-pytorch
Optimizer tuned by Google Brain using genetic algorithms
pkgs.python312Packages.pytorch-bench
Benchmarking tool for torch
-
nixos-unstable 2024-07-18
- nixpkgs-unstable 2024-07-18
- nixos-unstable-small 2024-07-18
pkgs.python313Packages.pytorch-bench
Benchmarking tool for torch
-
nixos-unstable 2024-07-18
- nixpkgs-unstable 2024-07-18
- nixos-unstable-small 2024-07-18
pkgs.python312Packages.pytorch-memlab
Simple and accurate CUDA memory management laboratory for pytorch
pkgs.python312Packages.pytorch-msssim
Fast and differentiable MS-SSIM and SSIM for pytorch
pkgs.python312Packages.pytorch-tabnet
PyTorch implementation of TabNet
pkgs.python313Packages.pytorch-memlab
Simple and accurate CUDA memory management laboratory for pytorch
pkgs.python313Packages.pytorch-msssim
Fast and differentiable MS-SSIM and SSIM for pytorch
pkgs.python313Packages.pytorch-tabnet
PyTorch implementation of TabNet
pkgs.pkgsRocm.python3Packages.gpytorch
Highly efficient and modular implementation of Gaussian Processes, with GPU acceleration
pkgs.python312Packages.facenet-pytorch
Pretrained Pytorch face detection (MTCNN) and facial recognition (InceptionResnet) models
pkgs.python313Packages.facenet-pytorch
Pretrained Pytorch face detection (MTCNN) and facial recognition (InceptionResnet) models
pkgs.pkgsRocm.python3Packages.pytorch3d
FAIR's library of reusable components for deep learning with 3D data
-
nixos-unstable pytorch3d-0.7.8
- nixpkgs-unstable pytorch3d-0.7.8
- nixos-unstable-small pytorch3d-0.7.8
pkgs.pkgsRocm.python3Packages.pytorchviz
Small package to create visualizations of PyTorch execution graphs
-
nixos-unstable 0.0.2-unstable-2024-12-30
- nixpkgs-unstable 0.0.2-unstable-2024-12-30
- nixos-unstable-small 0.0.2-unstable-2024-12-30
pkgs.python312Packages.pytorch-lightning
Lightweight PyTorch wrapper for machine learning researchers
pkgs.python313Packages.pytorch-lightning
Lightweight PyTorch wrapper for machine learning researchers
pkgs.python312Packages.pytorch-pfn-extras
Supplementary components to accelerate research and development in PyTorch
pkgs.python312Packages.pytorch-tokenizers
C++ implementations for various tokenizers (sentencepiece, tiktoken, etc.)
pkgs.python313Packages.pytorch-pfn-extras
Supplementary components to accelerate research and development in PyTorch
pkgs.python313Packages.pytorch-tokenizers
C++ implementations for various tokenizers (sentencepiece, tiktoken, etc.)
pkgs.pkgsRocm.python3Packages.lion-pytorch
Optimizer tuned by Google Brain using genetic algorithms
pkgs.pkgsRocm.python3Packages.pytorch-bench
Benchmarking tool for torch
-
nixos-unstable 2024-07-18
- nixpkgs-unstable 2024-07-18
- nixos-unstable-small 2024-07-18
pkgs.pkgsRocm.python3Packages.pytorch-memlab
Simple and accurate CUDA memory management laboratory for pytorch
pkgs.pkgsRocm.python3Packages.pytorch-msssim
Fast and differentiable MS-SSIM and SSIM for pytorch
pkgs.pkgsRocm.python3Packages.pytorch-tabnet
PyTorch implementation of TabNet
pkgs.pkgsRocm.python3Packages.facenet-pytorch
Pretrained Pytorch face detection (MTCNN) and facial recognition (InceptionResnet) models
pkgs.python312Packages.pytorch-metric-learning
Metric learning library for PyTorch
pkgs.python313Packages.pytorch-metric-learning
Metric learning library for PyTorch
pkgs.pkgsRocm.python3Packages.pytorch-lightning
Lightweight PyTorch wrapper for machine learning researchers
pkgs.pkgsRocm.python3Packages.pytorch-pfn-extras
Supplementary components to accelerate research and development in PyTorch
pkgs.python312Packages.nvidia-dlprof-pytorch-nvtx
NVIDIA DLProf Pytorch NVTX markers
pkgs.python313Packages.nvidia-dlprof-pytorch-nvtx
NVIDIA DLProf Pytorch NVTX markers
pkgs.pkgsRocm.python3Packages.pytorch-metric-learning
Metric learning library for PyTorch
Package maintainers
-
@lucasew Lucas Eduardo Wendt <lucas59356@gmail.com>
-
@veprbl Dmitry Kalinkin <veprbl@gmail.com>
-
@bcdarwin Ben Darwin <bcdarwin@gmail.com>
-
@drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
-
@tbenst Tyler Benster <nix@tylerbenster.com>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@samuela Samuel Ainsworth <skainsworth@gmail.com>
-
@pbsds Peder Bergebakken Sundt <pbsds@hotmail.com>
-
@SomeoneSerge Else Someone <else+nixpkgs@someonex.net>
-
@jherland Johan Herland <johan@herland.net>