CVE-2024-0095 — Improper Output Neutralization for Logs in Nvidia Triton Inference Server

CWE-117 — Improper Output Neutralization for Logs3 documents3 sources

Severity

7.2HIGHNVD

CNA9.0

EPSS

0.5%

top 33.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Triton Inference Server Nvidia Triton Inference Server

Timeline

PublishedJun 13

Latest updateJun 14

Description

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/triton_inference_server20.10 — 24.05

▶CVEListV5nvidia/nvidia_triton_inference_server20.10 to 24.04

🔴Vulnerability Details

GHSA

GHSA-mrrp-vrqf-8vqm: NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting↗2024-06-14

▶

CVEList

CVE↗2024-06-13

▶