Vulnerabilites related to onnx - onnx
CVE-2024-7776 (GCVE-0-2024-7776)
Vulnerability from cvelistv5
Published
2025-03-20 10:10
Modified
2025-03-20 15:52
Severity ?
EPSS score ?
Summary
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-7776", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T15:51:57.316678Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T15:52:00.491Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "onnx/onnx", vendor: "onnx", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:10:58.740Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63", }, ], source: { advisory: "a7a46cf6-1fa0-454b-988c-62d222e83f63", discovery: "EXTERNAL", }, title: "Arbitrary File Overwrite in onnx/onnx", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-7776", datePublished: "2025-03-20T10:10:58.740Z", dateReserved: "2024-08-13T21:28:43.911Z", dateUpdated: "2025-03-20T15:52:00.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-27318 (GCVE-0-2024-27318)
Vulnerability from cvelistv5
Published
2024-02-23 17:37
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T00:34:51.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20", }, { tags: [ "x_transferred", ], url: "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "onnx", vendor: "linuxfoundation", versions: [ { lessThanOrEqual: "1.15.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-27318", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T15:31:21.543853Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-14T15:46:57.827Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "onnx", product: "onnx", repo: "https://github.com/onnx/onnx", vendor: "onnx", versions: [ { lessThanOrEqual: "1.15.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.</span><br>", }, ], value: "Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-30T02:06:29.877Z", orgId: "6f8de1f0-f67e-45a6-b68f-98777fdb759c", shortName: "HiddenLayer", }, references: [ { url: "https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20", }, { url: "https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "6f8de1f0-f67e-45a6-b68f-98777fdb759c", assignerShortName: "HiddenLayer", cveId: "CVE-2024-27318", datePublished: "2024-02-23T17:37:36.715Z", dateReserved: "2024-02-23T16:59:23.009Z", dateUpdated: "2025-02-13T17:46:25.734Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-27319 (GCVE-0-2024-27319)
Vulnerability from cvelistv5
Published
2024-02-23 17:39
Modified
2025-02-13 17:46
Severity ?
EPSS score ?
Summary
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
References
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-27319", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-02-23T22:35:11.746348Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:58.904Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T00:34:51.009Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", packageName: "onnx", product: "onnx", repo: "https://github.com/onnx/onnx", vendor: "onnx", versions: [ { lessThanOrEqual: "1.15.0", status: "affected", version: "0", versionType: "semver", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<span style=\"background-color: rgb(255, 255, 255);\">Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.</span><br>", }, ], value: "Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.", }, ], impacts: [ { capecId: "CAPEC-540", descriptions: [ { lang: "en", value: "CAPEC-540 Overread Buffers", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-30T02:06:32.790Z", orgId: "6f8de1f0-f67e-45a6-b68f-98777fdb759c", shortName: "HiddenLayer", }, references: [ { url: "https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "6f8de1f0-f67e-45a6-b68f-98777fdb759c", assignerShortName: "HiddenLayer", cveId: "CVE-2024-27319", datePublished: "2024-02-23T17:39:52.870Z", dateReserved: "2024-02-23T16:59:23.010Z", dateUpdated: "2025-02-13T17:46:26.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-03-26 17:20
Severity ?
Summary
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@huntr.dev | https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63 | Exploit, Third Party Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:onnx:onnx:*:*:*:*:*:*:*:*", matchCriteriaId: "F3C3A586-29F2-4E07-AF43-2C1428A90EF2", versionEndIncluding: "1.16.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.", }, { lang: "es", value: "Una vulnerabilidad en la función `download_model` del framework onnx/onnx, anterior a la versión 1.16.1 incluida, permite la sobrescritura arbitraria de archivos debido a la prevención inadecuada de ataques de path traversal en archivos tar maliciosos. Esta vulnerabilidad puede ser explotada por un atacante para sobrescribir archivos en el directorio del usuario, lo que podría provocar la ejecución remota de comandos.", }, ], id: "CVE-2024-7776", lastModified: "2025-03-26T17:20:27.680", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2025-03-20T10:15:37.520", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/a7a46cf6-1fa0-454b-988c-62d222e83f63", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@huntr.dev", type: "Secondary", }, ], }