CVE-2025-30402:
ExecuTorch vulnerable to Heap-based Buffer Overflow attack
CVSS Score: 8.1
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
executorch | pip | <= 0.6.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability lies in the calculate_nbytes function in runtime/executor/method_meta.cpp. The commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f directly patches this function to add integer overflow checks. The vulnerability description mentions a heap-buffer-overflow during the loading of ExecuTorch methods, which aligns with the purpose of calculate_nbytes: to determine the memory size required for a tensor. The patch replaces the simple multiplication of dimensions with a version that checks for overflow at each step. The added test case TensorInfoSizeOverflow in runtime/executor/test/method_meta_test.cpp further confirms that the vulnerability is related to an overflow in size calculation by explicitly testing for it. The vulnerable function executorch::runtime::calculate_nbytes is called during the model loading process, and an integer overflow within it leads to the allocation of an incorrectly sized buffer, causing the heap overflow when tensor data is loaded.
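The following is an added illustration of the failure mode described above, written for this page; it is not ExecuTorch's code and does not reproduce the project's calculate_nbytes or its patch. The hypothetical calculate_nbytes_unchecked multiplies tensor dimensions the naive way, so the product silently wraps for large dimensions and yields a far smaller byte count than the tensor actually needs; calculate_nbytes_checked shows the mitigation pattern the advisory describes, rejecting negative dimensions and detecting overflow before every multiplication so the caller never allocates from a wrapped size.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Hypothetical naive size computation (not ExecuTorch's code): multiplies
// the dimensions and the element size with no overflow check. size_t wraps
// modulo 2^64, so a huge tensor can produce a tiny computed byte count,
// and a buffer allocated from that count is too small for the tensor data.
size_t calculate_nbytes_unchecked(const std::vector<int32_t>& sizes,
                                  size_t elem_size) {
  size_t n = 1;
  for (int32_t d : sizes) {
    n *= static_cast<size_t>(d);  // wraps silently on overflow
  }
  return n * elem_size;           // may wrap here as well
}

// Hardened variant: rejects negative dimensions and checks for overflow
// before each multiplication. Returns false instead of a wrapped value,
// so the caller can refuse to load the method rather than allocate.
bool calculate_nbytes_checked(const std::vector<int32_t>& sizes,
                              size_t elem_size, size_t* out) {
  const size_t kMax = std::numeric_limits<size_t>::max();
  size_t n = 1;
  for (int32_t d : sizes) {
    if (d < 0) {
      return false;  // a negative dimension is never a valid shape
    }
    size_t dim = static_cast<size_t>(d);
    if (dim != 0 && n > kMax / dim) {
      return false;  // n * dim would exceed size_t
    }
    n *= dim;
  }
  if (elem_size != 0 && n > kMax / elem_size) {
    return false;    // element count * element size would exceed size_t
  }
  *out = n * elem_size;
  return true;
}

int main() {
  // Constructed sample shapes: a small valid tensor, and a 4-D shape whose
  // element count equals 2^64 and therefore wraps to 0 in the naive version.
  std::vector<int32_t> small = {2, 3, 4};
  std::vector<int32_t> wrapping = {65536, 65536, 65536, 65536};
  size_t out = 0;

  std::printf("small unchecked: %zu bytes\n",
              calculate_nbytes_unchecked(small, 4));          // 96
  if (calculate_nbytes_checked(small, 4, &out)) {
    std::printf("small checked:   %zu bytes\n", out);          // 96
  }

  std::printf("wrapping unchecked: %zu bytes\n",
              calculate_nbytes_unchecked(wrapping, 4));       // 0 (wrapped)
  if (!calculate_nbytes_checked(wrapping, 4, &out)) {
    std::printf("wrapping checked:   rejected (overflow detected)\n");
  }
  return 0;
}
```

The checked version is the shape of the fix worth looking for when reviewing any loader that derives an allocation size from untrusted shape metadata: every multiplication is guarded, the sign of each dimension is validated, and the result is reported through a status return so that a failed check cannot be mistaken for a valid size.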
Vulnerable functions
executorch::runtime::calculate_nbytes
runtime/executor/method_meta.cpp