CVE-2022-25882

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-25882

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-25882.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-25882

Aliases

Downstream

UBUNTU-CVE-2022-25882

Published

2023-01-26T21:15:31Z

Modified

2025-10-21T07:00:13.003319Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"

References

Affected packages

Git / github.com/onnx/onnx

Affected ranges

Type: GIT
Repo: https://github.com/onnx/onnx
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f369b0e859024095d721f1d1612da5a8fa38988d

Affected versions

v0.*

v0.1

v0.2

v1.*

v1.1.0

v1.3.0

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "294267849857177954869038065398403025800",
                "116866936142568544212450762786110382737"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "onnx/common/path.h"
        },
        "id": "CVE-2022-25882-0f884896",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "140852066425541712802168204983283686848",
                "159075992383580164584026964016564131465",
                "300240074163715596157682743086266242467",
                "172789922231202761091060370966157679821",
                "112153765193335070721742738860480859742",
                "193156842502559573432759836995091333593",
                "189820502915280248919233585930976262099",
                "10910522645806151768200731146679571042"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "onnx/checker.cc"
        },
        "id": "CVE-2022-25882-a22b1eb9",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "230790867792095841097197400131578124462",
                "211585359162340708665775267385157578671",
                "167749466009662926405582170771257753781"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "onnx/common/path.cc"
        },
        "id": "CVE-2022-25882-b57b8290",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "source": "https://github.com/onnx/onnx/commit/f369b0e859024095d721f1d1612da5a8fa38988d",
        "signature_version": "v1",
        "digest": {
            "function_hash": "236142197083740176217770268839943114454",
            "length": 3051.0
        },
        "target": {
            "function": "check_tensor",
            "file": "onnx/checker.cc"
        },
        "id": "CVE-2022-25882-e9290fe4",
        "deprecated": false,
        "signature_type": "Function"
    }
]