Buffer Overflow resolution

tm-kachi · October 16, 2025, 5:24am

I saw that 2.7.0 had a Buffer Overflow vulnerability outlined here https://www.cvedetails.com/cve/CVE-2025-55558/. Upgraded to 2.9.0 but vulnerability wasn’t fixed. Wondering if this would be resolved soon?

ptrblck · October 16, 2025, 6:41pm

Is the CVE not already fixed via this and this PR as linked in the CVE description?

tm-kachi · October 30, 2025, 9:37am

Apologies for the late reply back, I was mistaken, the new Buffer Overflow was pertaining to the pad_packed_sequence function for RNNs outlined here. This seems to not have been resolved at this time.

ptrblck · October 30, 2025, 1:58pm

The CVE is reported as medium in the NVD so I would not expect a high priority.

CC @malfet for security issues.