The vulnerability description identifies `torch.nn.functional.ctc_loss` in `aten/src/ATen/native/LossCTC.cpp` as affected. The provided commit patches (46fc5d8e360127361211cb237d5f9eef0223e567 and 01f226bfb8f2c343f5c614a6bbf685d91160f3af, which are identical) show that a check `TORCH_CHECK(log_probs.numel() > 0, ...)` was added to `ctc_loss_cpu_template` in `aten/src/ATen/native/LossCTC.cpp` and `ctc_loss_gpu_template` in `aten/src/ATen/native/cuda/LossCTC.cu`. This check prevents processing when `log_probs` is an empty tensor.

The absence of this check in versions <= 2.6.0 is the vulnerability. An attacker can provide an empty `log_probs` tensor to `torch.nn.functional.ctc_loss`, which then calls these C++ functions, leading to a denial of service due to improper resource handling when processing the empty tensor.

The Python function `torch.nn.functional.ctc_loss` is the user-facing entry point, and the C++ template functions `at::native::ctc_loss_cpu_template` and `at::native::ctc_loss_gpu_template` are the native implementations where the core vulnerable logic (or lack of validation) resided.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| torch | pip | <= 2.6.0 |
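
A Python-level guard that mirrors the patched `numel() > 0` check, plus a version test for the range in the table, as an added example (not code from PyTorch or from this advisory). The names `is_affected`, `guarded_ctc_loss`, the `loss_fn` hook and `_FakeTensor` are hypothetical; the version bound is taken from the table's `<= 2.6.0`.

```python
import re

# Upper bound of the vulnerable range as listed on this page (<= 2.6.0).
LAST_VULNERABLE = (2, 6, 0)


def is_affected(version: str) -> bool:
    """True if a torch version string falls inside the listed range."""
    # Only the leading numeric release is compared. Assumption: local build
    # tags such as '+cu124' do not change whether the check is present.
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    release = tuple(int(p or 0) for p in m.groups())
    return release <= LAST_VULNERABLE


def guarded_ctc_loss(log_probs, targets, input_lengths, target_lengths,
                     loss_fn=None, **kwargs):
    """Reject an empty log_probs before it reaches the native CTC code."""
    if log_probs.numel() == 0:
        raise ValueError("log_probs tensor must not be empty")
    if loss_fn is None:
        # Lazy import: the real entry point is used unless a stub is passed.
        from torch.nn.functional import ctc_loss as loss_fn
    return loss_fn(log_probs, targets, input_lengths, target_lengths, **kwargs)


class _FakeTensor:
    """Constructed stand-in exposing only numel(), so the demo needs no torch."""

    def __init__(self, n):
        self._n = n

    def numel(self):
        return self._n


def demo():
    """Return (empty input was rejected, non-empty input reached loss_fn)."""
    calls = []
    stub = lambda *a, **k: calls.append(a) or 0.0  # hypothetical loss stub
    try:
        guarded_ctc_loss(_FakeTensor(0), None, None, None, loss_fn=stub)
        rejected = False
    except ValueError:
        rejected = True
    guarded_ctc_loss(_FakeTensor(12), None, None, None, loss_fn=stub)
    return rejected, len(calls) == 1
```

On an installed system, `is_affected(torch.__version__)` reports whether the running build is in the listed range; the guard itself is safe to leave in place on any version.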