#VU87689 Path traversal in onnx - CVE-2024-27318

Cybersecurity Help s.r.o.

Published: 2024-03-21 | Updated: 2024-03-26

Vulnerability identifier: #VU87689

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-27318

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
onnx
Universal components / Libraries / Libraries used by multiple products

Vendor: Open Neural Network Exchange

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences passed via the external_data field of the tensor proto. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Note, the vulnerability exists due to incomplete fix for #VU75176 (CVE-2022-25882).

Mitigation
Install update from vendor's website.

Vulnerable software versions

onnx: 0.1 - 1.15.0

External links
https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20
https://github.com/onnx/onnx/releases/tag/v1.16.0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM Watson Machine Learning Accelerator on Cloud Pak for Data

Splunk Python for Scientific Computing update for third-party packages

Fedora 39 update for onnx

Fedora 40 update for onnx

Multiple vulnerabilities in Open Neural Network Exchange onnx