PyTorch’s torch.distributed.rpc framework security update advisory

Jun 12 2024

Overview

An update has been released to address vulnerability in PyTorch’s torch.distributed.rpc framework. Users of affected versions are advised to update to the latest version.

Affected Products

PyTorch’s torch.distributed.rpc framework version 2.2.2 or below

Resolved Vulnerabilities

Arbitrary command execution vulnerability in PyTorch’s torch.distributed.rpc framework due to failure to properly validate functions called during remote procedure call (RPC) operations (CVE-2024-5480)

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the referenced sites to update to the latest vulnerability patches version.

PyTorch’s torch.distributed.rpc framework version 2.2.3 or 2.3.1

Referenced Sites

[1] CVE-2024-5480 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-5480

[2] PyTorch Distributed RPC Framework Remote Code Execution in pytorch/pytorch

https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3

[3] Attn!! Artificial Intelligence(AI) Companies and Researchers using PyTorch.

https://twitter.com/patchnow24x7/status/1799662524901765281

PyTorch’s torch.distributed.rpc framework security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Rejetto HTTP File Server (HFS) Product Security Update Advisory

Microsoft Edge browser (126.0.6478.57) Version security update advisory

Overview

Affected Products

Resolved Vulnerabilities

Vulnerability Patches

Referenced Sites

Tags:

Rejetto HTTP File Server (HFS) Product Security Update Advisory

Microsoft Edge browser (126.0.6478.57) Version security update advisory