4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.
github.com/advisories/GHSA-h8wv-9h96-m4hr
github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287
lists.fedoraproject.org/archives/list/[email protected]/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY
lists.fedoraproject.org/archives/list/[email protected]/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL
nvd.nist.gov/vuln/detail/CVE-2024-27319
4.4 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%