Publish GHSA-63cw-57p8-fm3p

advisory-database[bot] · advisory-database[bot] · commit 3c54c56535cf · 2026-01-27T20:13:30.000Z
diff --git a/advisories/github-reviewed/2026/01/GHSA-63cw-57p8-fm3p/GHSA-63cw-57p8-fm3p.json b/advisories/github-reviewed/2026/01/GHSA-63cw-57p8-fm3p/GHSA-63cw-57p8-fm3p.json
@@ -0,0 +1,70 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-63cw-57p8-fm3p",
+  "modified": "2026-01-27T20:10:54Z",
+  "published": "2026-01-27T20:10:54Z",
+  "aliases": [
+    "CVE-2026-24747"
+  ],
+  "summary": "PyTorch Vulnerable to Remote Code Execution via Untrusted Checkpoint Files",
+  "details": "### Summary\n\nA vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.pth`) that, when loaded with `torch.load(..., weights_only=True)`, can corrupt memory and potentially lead to arbitrary code execution.\n\n### Vulnerability Details\n\nThe `weights_only=True` unpickler failed to properly validate pickle opcodes and storage metadata, allowing:\n\n1. **Heap memory corruption** via `SETITEM`/`SETITEMS` opcodes applied to non-dictionary types\n2. **Storage size mismatch** between declared element count and actual data in the archive\n\n### Impact\n\nAn attacker who can convince a user to load a malicious checkpoint file may achieve arbitrary code execution in the context of the victim's process.\n\n\n# Credit\nJi'an Zhou",
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "pytorch"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.10.0"
+            }
+          ]
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch/security/advisories/GHSA-63cw-57p8-fm3p"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch/issues/163105"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/pytorch/pytorch"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch/163122/commit/954dc5183ee9205cbe79876ad05dd2d9ae752139"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/pytorch/pytorch/releases/tag/v2.10.0"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-502",
+      "CWE-94"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-01-27T20:10:54Z",
+    "nvd_published_at": null
+  }
+}
