cuequivariance-jax is vulnerable to Out-of-bounds Write
52
Medium Risk
Affected versions of this package are vulnerable to Out-of-Bounds Memory Access in cuet.triangle_attention because the backward pass of the triangle attention operation mishandled return values: the old code did not assign and cast the outputs returned by triangle_attention_cuda_bwd, which led to illegal memory accesses. An attacker could exploit this by crafting inputs that trigger index overflows or out-of-bounds writes during gradient computation, potentially resulting in memory corruption, leakage of GPU memory contents, or arbitrary code execution. The patched code mitigates this by explicitly assigning the return values and casting them to the proper data types.
You are affected if you are using a version that falls within the vulnerable range.
cuequivariance-jax is vulnerable to Out-of-bounds Write in versions 0.1.0 - 0.7.0.
Upgrade cuequivariance-jax to a patched version, i.e. one outside the vulnerable range 0.1.0 - 0.7.0.