Upstream information

CVE-2024-27319 at MITRE

Description

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1220346 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • libonnx >= 1.16.0-1.1
  • libonnx_proto >= 1.16.0-1.1
  • onnx-backend-test >= 1.16.0-1.1
  • onnx-devel >= 1.16.0-1.1
  • python310-onnx >= 1.16.0-1.1
  • python311-onnx >= 1.16.0-1.1
  • python312-onnx >= 1.16.0-1.1
Patchnames:
openSUSE-Tumbleweed-2024-13803


SUSE Timeline for this CVE

CVE page created: Fri Feb 23 21:00:11 2024
CVE page last modified: Tue Sep 3 19:34:13 2024