| Name | CVE-2024-7776 |
| Description | A vulnerability in the `download_model` function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files in the user's directory, potentially leading to remote command execution. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| onnx (PTS) | bullseye | 1.7.0+dfsg-3 | vulnerable |
| bookworm | 1.12.0-2 | vulnerable | |
| trixie, sid | 1.17.0-3 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| onnx | source | (unstable) | 1.16.2-1 |
[bookworm] - onnx <no-dsa> (Minor issue)
[bullseye] - onnx <postponed> (Minor issue, part of the test suite)
https://huntr.com/bounties/a7a46cf6-1fa-454b-988c-62d222e83f63
https://github.com/onnx/onnx/issues/6215
https://github.com/onnx/onnx/pull/6222
Follow-up to CVE-2024-5187 but different vulnerability in the download_model function
https://github.com/onnx/onnx/commit/1b70f9b673259360b6a2339c4bd97db9ea6e552f (v1.17.0)
cherry picks of fixes: https://github.com/onnx/onnx/commit/84051888d0943883a0edbf683f68c05ca3b28c40 (v1.16.2)