Description
A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
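The issue described above is the classic tar path-traversal pattern: an archive member whose name (or link target) resolves outside the extraction directory is written wherever it points. The following is an added example, not code from the onnx project or from the referenced fix, showing the check a downloader should apply before extracting: every member is resolved against the destination directory and rejected if it escapes it, including `..` segments hidden inside a nested path and symlinks whose target escapes. The sample archive is constructed in memory for the demonstration; the function names are this example's own.

```python
import io
import os
import tarfile
import tempfile


def _is_within(base: str, path: str) -> bool:
    """True if `path` resolves to `base` or somewhere beneath it."""
    base = os.path.realpath(base)
    path = os.path.realpath(path)
    return path == base or path.startswith(base + os.sep)


def classify_members(tar: tarfile.TarFile, dest: str):
    """Split archive members into (safe, rejected).

    Rejected: absolute names, names that resolve outside `dest` after
    normalisation, and symlinks/hardlinks whose target resolves outside `dest`.
    """
    safe, rejected = [], []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not _is_within(dest, target):
            rejected.append(m.name)
            continue
        if m.issym() or m.islnk():
            if m.issym():
                # symlink targets are relative to the link's own directory
                link_target = os.path.join(os.path.dirname(target), m.linkname)
            else:
                # hardlink targets are relative to the archive root
                link_target = os.path.join(dest, m.linkname)
            if os.path.isabs(m.linkname) or not _is_within(dest, link_target):
                rejected.append(m.name)
                continue
        safe.append(m)
    return safe, rejected


def extract_safely(tar_bytes: bytes, dest: str):
    """Extract only members that stay inside `dest`; return (extracted, rejected) names."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        safe, rejected = classify_members(tar, dest)
        # On Python 3.12+ also engage the stdlib 'data' filter as a second layer.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(path=dest, members=safe, **kwargs)
    return [m.name for m in safe], rejected


def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign member plus three escape attempts."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in [
            ("model/model.onnx", b"onnx-bytes"),        # benign
            ("../outside.txt", b"overwrite attempt"),   # plain traversal
            ("model/../../also_outside.txt", b"x"),     # traversal hidden in a nested path
        ]:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("model/escape_link")     # symlink pointing above dest
        link.type = tarfile.SYMTYPE
        link.linkname = "../../etc"
        tar.addfile(link)
    return buf.getvalue()


def demo():
    """Run the extraction in a temp dir; report what was kept, dropped, and whether anything leaked."""
    with tempfile.TemporaryDirectory() as dest:
        extracted, rejected = extract_safely(build_sample_tar(), dest)
        parent = os.path.dirname(dest)
        leaked = os.path.exists(os.path.join(parent, "outside.txt"))
        return extracted, rejected, leaked


if __name__ == "__main__":
    print(demo())
```

Resolving with `os.path.realpath` on both sides matters: comparing raw strings misses `..` in the middle of a name and symlinked temp directories, and a check on the member name alone says nothing about where a symlink member points. Rejecting members is preferable to silently renaming them, since a model archive with traversal entries should be treated as hostile rather than repaired.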
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| onnx | fixed | 1.16.2-1 | package | |
| onnx | no-dsa | bookworm | package | |
| onnx | postponed | bullseye | package | |
Notes
https://huntr.com/bounties/a7a46cf6-1fa-454b-988c-62d222e83f63
https://github.com/onnx/onnx/issues/6215
https://github.com/onnx/onnx/pull/6222
Follow-up to CVE-2024-5187, but a different vulnerability in the download_model function
https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f (v1.17.0)
Cherry-pick of the fix: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
EPSS
Related vulnerabilities
Open Neural Network Exchange (ONNX) Path Traversal Vulnerability