CVE-2024-27319 Common Vulnerabilities and Exposures

Upstream information

CVE-2024-27319 at MITRE

Description

Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1220346 [NEW]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`libonnx >= 1.16.0-1.1` `libonnx_proto >= 1.16.0-1.1` `onnx-backend-test >= 1.16.0-1.1` `onnx-devel >= 1.16.0-1.1` `python310-onnx >= 1.16.0-1.1` `python311-onnx >= 1.16.0-1.1` `python312-onnx >= 1.16.0-1.1`	Patchnames: openSUSE Tumbleweed GA libonnx-1.16.0-1.1

SUSE Timeline for this CVE

CVE page created: Fri Feb 23 21:00:11 2024
CVE page last modified: Thu Mar 28 00:41:20 2024