Lucene search

GitHub Advisory DatabaseGHSA-H8WV-9H96-M4HR

HistoryFeb 23, 2024 - 6:30 p.m.

Onnx Out-of-bounds Read vulnerability

2024-02-2318:30:59

CWE-125

GitHub Advisory Database

github.com

versions

onnx

vulnerability

out-of-bounds read

software

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.

Affected configurations

Vulners

Node

linuxfoundationonnxRange≤1.15.0

CPENameOperatorVersion
onnxle1.15.0

CPE	Name	Operator	Version
	onnx	le	1.15.0

References

github.com/advisories/GHSA-h8wv-9h96-m4hr

github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287

lists.fedoraproject.org/archives/list/[email protected]/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY

lists.fedoraproject.org/archives/list/[email protected]/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL

nvd.nist.gov/vuln/detail/CVE-2024-27319

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for GHSA-H8WV-9H96-M4HR