{"id":"CVE-2024-27319","details":"Versions of the package onnx up to and including 1.15.0 are vulnerable to an out-of-bounds read because the ONNX_ASSERT and ONNX_ASSERTM functions perform an off-by-one string copy.","aliases":["GHSA-h8wv-9h96-m4hr","PYSEC-2024-223"],"modified":"2026-04-12T10:25:00.541943Z","published":"2024-02-23T18:15:50.960Z","related":["CGA-rq6w-587w-q3v3","openSUSE-SU-2024:13803-1"],"references":[{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGTBH5ZYL2LGYHIJDHN2MAUURIR5E7PY/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFJJID2IZDOLFDMWVYTBDI75ZJQC6JOL/"},{"type":"FIX","url":"https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/onnx/onnx","events":[{"introduced":"0"},{"fixed":"990217f043af7222348ca8f0301e17fa7b841781"},{"fixed":"08a399ba75a805b7813ab8936b91d0e274b08287"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.16.0"}]}}],"versions":["v0.1","v0.2","v1.1.0","v1.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-27319.json","vanir_signatures_modified":"2026-04-12T10:25:00Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"39"}]},{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"vanir_signatures":[{"source":"https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287","target":{"file":"onnx/common/assertions.cc","function":"barf"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"CVE-2024-27319-015c0050","digest":{"length":190,"function_hash":"150149194993235291064360914277493068496"}},{"source":"https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287","target":{"file":"onnx/common/assertions.cc"},"signature_version":"v1","signature_type":"Line","de
precated":false,"id":"CVE-2024-27319-544933c0","digest":{"line_hashes":["101106728693998339951729822204693471475","208885074752424638675853475558295782158","331612258296014788007629159681433131682","315469259872839591120959177607505227360","170584720565874348943179677145476593174","320609885732320917201972430254444073524","213336569564941719947686272868626561565","113723751918112567312510435892577266575","134629294599338790974108607091807632424","276428317196113829494738400934358987720"],"threshold":0.9}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}]}