CVE-2024-7776
Published 2025-03-20
Priority P258 · critical 9.1 · CVSS 3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.36% (68.2th percentile)
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | onnx | < onnx 1.16.2-1 (forky) | onnx 1.16.2-1 (forky) |
| onnx | onnx | <= 1.16.1 | — |
| onnx | onnx | >= 0 < 1.16.2-1 | 1.16.2-1 |
| onnx | onnx | >= 0 < 1.16.2-1 | 1.16.2-1 |
| onnx | onnx | >= 0 < 1.17.0 | 1.17.0 |
| onnx | onnx_onnx | unspecified – latest | — |
Detection & IOCs (extracted from sources)
- Vulnerability exists in the `download_model` function of the onnx/onnx framework; monitor for path traversal sequences (e.g., `../`) within tar file entries being extracted via this function.
- Alert on file write operations outside the intended extraction directory when onnx's `download_model` function processes tar archives, as this indicates exploitation of the path traversal vulnerability.
- Debian scope is listed as 'local', which may affect risk prioritization in some environments, though the NVD description notes potential for remote command execution via file overwrite.
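The two detection bullets above amount to one check that should run before any member of a downloaded tar archive touches disk: does the member's resolved target (and, for links, its link target) stay inside the extraction directory? The following is an added example written for this page, not code from onnx/onnx or its `download_model` function; it builds a small constructed archive in memory with one benign model file and three escaping members, reports every member that would leave the destination, and refuses to extract unless the whole archive is clean. The file names, the destination directory and the `demo` helper are all constructed for illustration.

```python
"""Validate tar members before extraction to block path traversal (CWE-22)."""
import io
import os
import tarfile
import tempfile


def _add_member(tar, name, data=b"", linkname=None):
    """Add a regular file or a symlink to an in-memory tar (constructed test data)."""
    info = tarfile.TarInfo(name=name)
    if linkname is not None:
        info.type = tarfile.SYMTYPE
        info.linkname = linkname
        tar.addfile(info)
    else:
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))


def build_sample_archive(malicious):
    """Constructed archive: one benign model file, optionally plus three escaping members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        _add_member(tar, "model/model.onnx", b"constructed model bytes")
        if malicious:
            _add_member(tar, "../../escaped.txt", b"would overwrite a file above dest")
            _add_member(tar, "/etc/constructed_abs_path", b"absolute path")
            _add_member(tar, "model/link_out", linkname="../../outside")
    return buf.getvalue()


def _inside(dest, candidate):
    """True when candidate resolves to dest itself or to a path below it."""
    dest = os.path.realpath(dest)
    candidate = os.path.realpath(candidate)
    return os.path.commonpath([dest, candidate]) == dest


def unsafe_members(tar_bytes, dest):
    """Return [(member_name, reason)] for every member that would escape dest."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if os.path.isabs(m.name):
                findings.append((m.name, "absolute path"))
            elif not _inside(dest, target):
                findings.append((m.name, "path traversal"))
            elif m.issym():
                # A symlink target is relative to the member's own directory.
                link_target = os.path.join(os.path.dirname(target), m.linkname)
                if os.path.isabs(m.linkname) or not _inside(dest, link_target):
                    findings.append((m.name, "link escapes destination"))
            elif m.islnk():
                # A hard-link target is relative to the archive root.
                if not _inside(dest, os.path.join(dest, m.linkname)):
                    findings.append((m.name, "link escapes destination"))
    return findings


def safe_extract(tar_bytes, dest):
    """Extract only after the whole archive passes validation; returns the member names."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe members: {bad}")
    # Python 3.12+ (and the security backports) also offer filter='data' natively.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def demo():
    """Run the constructed archives through the validator; returns (findings, extracted)."""
    dest = tempfile.mkdtemp(prefix="onnx_models_")  # constructed destination directory
    findings = unsafe_members(build_sample_archive(malicious=True), dest)
    extracted = safe_extract(build_sample_archive(malicious=False), dest)
    return findings, extracted


if __name__ == "__main__":
    found, ok = demo()
    for name, reason in found:
        print(f"BLOCKED {name}: {reason}")
    print("extracted:", ok)
```

The check is deliberately all-or-nothing: a single escaping member causes the whole archive to be rejected rather than silently skipped, because a partially extracted model directory is as confusing to debug as it is to trust. The same `unsafe_members` output is also what a detection pipeline would log when the second bullet above fires.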
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| nvd | 3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
| osv | — | 9.1 | CRITICAL | — |
| vendor_debian | — | 9.1 | CRITICAL | — |
Debian
CVE-2024-7776: onnx (vendor_debian · 2024 · CVSS 9.1 · CRITICAL)
Scope: local
bookworm: open
bullseye: open
forky: resolved (fixed in 1.16.2-1)
sid: resolved (fixed in 1.16.2-1)
trixie: resolved (fixed in 1.16.2-1)
GHSA
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability (ghsa · 2025-03-20 · HIGH · CWE-22)
OSV
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability (osv · 2025-03-20 · HIGH)
OSV
CVE-2024-7776 (osv · 2025-03-20 · CVSS 9.1 · CRITICAL)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-03-20