Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal: the external_data field of the tensor proto can contain a path to a file that lies outside the model's current directory or the user-provided directory, for example "../../../etc/passwd".
{ "vanir_signatures": [ { "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "onnx/common/path.h" }, "digest": { "line_hashes": [ "294267849857177954869038065398403025800", "116866936142568544212450762786110382737" ], "threshold": 0.9 }, "id": "CVE-2022-25882-0f884896" }, { "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "onnx/checker.cc" }, "digest": { "line_hashes": [ "140852066425541712802168204983283686848", "159075992383580164584026964016564131465", "300240074163715596157682743086266242467", "172789922231202761091060370966157679821", "112153765193335070721742738860480859742", "193156842502559573432759836995091333593", "189820502915280248919233585930976262099", "10910522645806151768200731146679571042" ], "threshold": 0.9 }, "id": "CVE-2022-25882-a22b1eb9" }, { "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "onnx/common/path.cc" }, "digest": { "line_hashes": [ "230790867792095841097197400131578124462", "211585359162340708665775267385157578671", "167749466009662926405582170771257753781" ], "threshold": 0.9 }, "id": "CVE-2022-25882-b57b8290" }, { "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d", "signature_version": "v1", "signature_type": "Function", "deprecated": false, "target": { "file": "onnx/checker.cc", "function": "check_tensor" }, "digest": { "function_hash": "236142197083740176217770268839943114454", "length": 3051.0 }, "id": "CVE-2022-25882-e9290fe4" } ] }