CVE-2024-7776

Name: CVE-2024-7776
Description: A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
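The flaw described above is a tar path-traversal: member names (or link targets) that resolve outside the directory the archive is unpacked into. As an added, defensive example that is not onnx's own code, the Python below validates every archive member before extraction and refuses the whole archive if any member would land outside the destination; the helper names and the in-memory archives are constructed for this demonstration.

```python
import io
import os
import tarfile


def is_within_directory(directory: str, target: str) -> bool:
    """True if `target` resolves (after normalising '..' and symlinks) inside `directory`."""
    abs_dir = os.path.realpath(directory)
    abs_target = os.path.realpath(target)
    return os.path.commonpath([abs_dir, abs_target]) == abs_dir


def unsafe_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return names of members that would escape `dest`.

    Checks the member path itself and, for symlinks/hardlinks, the link
    target, since a link pointing outside `dest` followed by a later member
    written through it is the other classic traversal route."""
    bad = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)
        if os.path.isabs(m.name) or not is_within_directory(dest, target):
            bad.append(m.name)
            continue
        if m.issym() or m.islnk():
            link_target = os.path.join(os.path.dirname(target), m.linkname)
            if os.path.isabs(m.linkname) or not is_within_directory(dest, link_target):
                bad.append(m.name)
    return bad


def safe_extract(tar: tarfile.TarFile, dest: str) -> None:
    """Extract only after the whole archive has been vetted (all-or-nothing).
    On Python 3.12+ tar.extractall(dest, filter="data") enforces the same rules."""
    bad = unsafe_members(tar, dest)
    if bad:
        raise ValueError(f"refusing to extract, path traversal in members: {bad}")
    tar.extractall(dest)


def build_tar(entries) -> io.BytesIO:
    """Constructed in-memory tar for the demo: entries is a list of (name, bytes)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf
```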

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package   Release       Version          Status
onnx (PTS)       bullseye      1.7.0+dfsg-3     vulnerable
                 bookworm      1.12.0-2         vulnerable
                 sid, trixie   1.17.0-3         fixed

The information below is based on the following data on fixed versions.

Package   Type     Release      Fixed Version   Urgency   Origin   Debian Bugs
onnx      source   (unstable)   1.16.2-1

Notes

[bookworm] - onnx <no-dsa> (Minor issue)
https://huntr.com/bounties/a7a46cf6-1fa-454b-988c-62d222e83f63
https://github.com/onnx/onnx/issues/6215
https://github.com/onnx/onnx/pull/6222
https://github.com/onnx/onnx/commit/3fc3845edb048df559aa2a839e39e95503a0ee34 (v1.17.0)
cherry picks of fixes: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)
