CVE-2024-27319 — Out-of-bounds Read in Onnx

CWE-125 — Out-of-bounds Read6 documents5 sources

Severity

9.1CRITICALNVD

CNA4.4

EPSS

0.1%

top 75.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linuxfoundation Onnx Onnx Fedoraproject Fedora

Timeline

PublishedFeb 23

Description

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HExploitability: 3.9 | Impact: 5.2

Affected Packages3 packages

▶PyPIonnx/onnx< 1.16.0+2

▶NVDlinuxfoundation/onnx< 1.16.0

▶CVEListV5onnx/onnx1.15.0

Also affects: Fedora 39, 40

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

Onnx Out-of-bounds Read vulnerability↗2024-02-23

▶

OSV

CVE-2024-27319: Versions of the package onnx before and including 1↗2024-02-23

▶

OSV

Onnx Out-of-bounds Read vulnerability↗2024-02-23

▶

CVEList

CVE-2024-27319: Versions of the package onnx before and including 1↗2024-02-23

▶

📋Vendor Advisories

Microsoft

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.↗2024-02-13

▶