PyTorch 1.12.0 Series DoS Vulnerabilities (CVE-2022-35984~35991)

### Critical Vulnerability Information #### CVE-2022-35984 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Serializing PyTorch objects containing a large number of nested tensors may lead to memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35982 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Deserializing maliciously crafted PyTorch objects may result in memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35983 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Processing tensors with specific shapes may cause memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35985 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Performing specific tensor operations may lead to memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35986 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Processing specific types of tensor indexing may result in memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35987 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Processing specific types of tensor slicing may cause memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35988 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Handling specific types of tensor broadcasting may lead to memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35989 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Processing specific types of tensor views may result in memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35990 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Handling specific types of tensor transposition may cause memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. #### CVE-2022-35991 - **Type**: DoS (Denial of Service) - **Product**: PyTorch - **Version**: 1.12.0 - **Description**: Processing specific types of tensor reshaping may lead to memory exhaustion. - **Mitigation**: Upgrade to a newer version or apply the patch. ``` These vulnerabilities are primarily found in PyTorch version 1.12.0 and involve various scenarios that can lead to memory exhaustion, potentially resulting in denial-of-service attacks. Users are advised to upgrade to the latest version as soon as possible to mitigate potential security risks.

Goal Reached Thanks to every supporter — we hit 100%!

PyTorch 1.12.0 Series DoS Vulnerabilities (CVE-2022-35984~35991)

More from this source