AI Score: 4.8 (Medium), Confidence: High
EPSS: 0.0004 (Low), Percentile: 15.5%
Versions of the onnx package up to and including 1.15.0 are vulnerable to an out-of-bounds read because the ONNX_ASSERT and ONNX_ASSERTM functions perform an off-by-one string copy.
github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287
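
The bug class described above, as an added illustration that is not ONNX's code: an off-by-one copy into a fixed message buffer leaves it without a terminator, so any later string read runs past the end. The buffer size, function names and sample message are assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <string>

constexpr std::size_t kMsgSize = 16;  // assumed buffer size, for illustration
// Constructed input, longer than the buffer.
const char* const kLongMsg = "assertion failed: tensor rank mismatch";

// Off-by-one copy: the bound equals the buffer size, so no byte is reserved
// for the terminator and a long source leaves dst without any NUL.
void copy_off_by_one(char (&dst)[kMsgSize], const char* src) {
  std::strncpy(dst, src, kMsgSize);
}

// Hardened copy: copy at most kMsgSize - 1 bytes and always terminate.
void copy_bounded(char (&dst)[kMsgSize], const char* src) {
  std::strncpy(dst, src, kMsgSize - 1);
  dst[kMsgSize - 1] = '\0';
}

// Message length measured without reading past the buffer; returns kMsgSize
// when no terminator is present (the state that causes the out-of-bounds read).
std::size_t bounded_len(const char (&buf)[kMsgSize]) {
  const void* nul = std::memchr(buf, '\0', kMsgSize);
  return nul ? static_cast<std::size_t>(static_cast<const char*>(nul) - buf)
             : kMsgSize;
}

bool off_by_one_leaves_unterminated() {
  char buf[kMsgSize];
  std::memset(buf, 'X', sizeof buf);
  copy_off_by_one(buf, kLongMsg);
  return bounded_len(buf) == kMsgSize;  // strlen(buf) here would over-read
}

std::string hardened_message() {
  char buf[kMsgSize];
  std::memset(buf, 'X', sizeof buf);
  copy_bounded(buf, kLongMsg);
  return std::string(buf, bounded_len(buf));
}

int main() {
  std::printf("off-by-one copy unterminated: %d\n", off_by_one_leaves_unterminated());
  std::printf("hardened message: \"%s\"\n", hardened_message().c_str());
  return 0;
}
```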