CVE-2024-27319

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-27319

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-27319.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-27319

Aliases

GHSA-h8wv-9h96-m4hr

Related

openSUSE-SU-2024:13803-1

Published

2024-02-23T18:15:50Z

Modified

2024-10-12T11:20:42.637342Z

Summary

[none]

Details

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNXASSERT and ONNXASSERTM functions have an off by one string copy.

References

https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/

Affected packages

Git / github.com/onnx/onnx

Affected ranges

Type: GIT
Repo: https://github.com/onnx/onnx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

08a399ba75a805b7813ab8936b91d0e274b08287

Affected versions

v0.*

v0.1

v0.2

v1.*

v1.1.0

v1.3.0