cbcvebase.
CVE-2024-7776
published 2025-03-20


Priority: P2 (58)
Severity: critical, 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.36% (percentile 68.2)
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.

Affected

6 ranges

Vendor    Product     Version range               Fixed in
debian    onnx        < onnx 1.16.2-1 (forky)     onnx 1.16.2-1 (forky)
onnx      onnx        <= 1.16.1
onnx      onnx        >= 0, < 1.16.2-1            1.16.2-1
onnx      onnx        >= 0, < 1.16.2-1            1.16.2-1
onnx      onnx        >= 0, < 1.17.0              1.17.0
onnx      onnx_onnx   unspecified – latest

Detection & IOCs (extracted from sources)

  • Vulnerability exists in the `download_model` function of the onnx/onnx framework; monitor for path traversal sequences (e.g., `../`) within tar file entries being extracted via this function
  • Alert on file write operations outside the intended extraction directory when onnx's `download_model` function processes tar archives, as this indicates exploitation of the path traversal vulnerability
  • Debian scope is listed as 'local', which may affect risk prioritization in some environments, though the NVD description notes potential for remote command execution via file overwrite.
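The two detection bullets above amount to one check: no tar member may resolve to a path outside the extraction directory. As an added example (not onnx's own code and not the patched `download_model`), this Python helper rejects members whose resolved name, or symlink/hardlink target, would land outside the destination, and exercises it against a constructed archive that mixes a benign model file with the hostile member shapes described in this advisory:

```python
import io
import os
import tarfile
import tempfile

def is_traversal(member: tarfile.TarInfo, dest: str) -> bool:
    """True if extracting `member` would touch a path outside `dest`."""
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, member.name))  # handles '../' and absolute names
    if os.path.commonpath([dest_real, target]) != dest_real:
        return True
    if member.issym() or member.islnk():
        # symlink targets resolve relative to the link's own directory, hardlink targets to the archive root
        base = os.path.dirname(target) if member.issym() else dest_real
        link = os.path.realpath(os.path.join(base, member.linkname))
        return os.path.commonpath([dest_real, link]) != dest_real
    return False

def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Extract only regular files/dirs that stay inside dest; return the rejected member names."""
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar.getmembers():
            if is_traversal(member, dest) or not (member.isfile() or member.isdir()):
                rejected.append(member.name)  # alert on these; they are never written
                continue
            tar.extract(member, path=dest)
    return rejected

def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign model file plus three hostile members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload in [("model/model.onnx", b"fake onnx bytes"),  # benign
                              ("../../.bashrc", b"dotfile overwrite"),   # '../' traversal
                              ("/tmp/owned.txt", b"absolute name")]:     # absolute path
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
        link = tarfile.TarInfo("model/escape")  # symlink pointing out of dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc"
        tar.addfile(link)
    return buf.getvalue()

def run_demo() -> tuple[list[str], bool]:
    """Extract the sample into a fresh temp dir; return (rejected names, benign file present)."""
    dest = tempfile.mkdtemp(prefix="onnx_model_")  # hypothetical destination, created for the demo
    rejected = safe_extract(build_sample_tar(), dest)
    return sorted(rejected), os.path.isfile(os.path.join(dest, "model", "model.onnx"))
```

The rejected list is what a detection rule would alert on: any non-empty result from an untrusted model archive is the signal the bullets above describe.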

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      9.1     CRITICAL   CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
nvd             v3.0      8.1     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
osv                       9.1     CRITICAL
vendor_debian             9.1     CRITICAL