CVE-2024-27319
Published: 23 February 2024
Summary
CVE-2024-27319 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Fedoraproject Fedora. Its CVSS base score is 4.4 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). It ranks at the 24.8th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related: it is categorised under Deep Learning Frameworks, falls in the Other ATLAS/OWASP Terms risk domain, and maps to the MITRE ATLAS technique External Harms (AML.T0048).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-0125
Vulnerability details
Versions of the onnx package up to and including 1.15.0 are vulnerable to an Out-of-bounds Read: the ONNX_ASSERT and ONNX_ASSERTM functions contain an off-by-one string copy.
- CWE(s): CWE-125 (Out-of-bounds Read)
AI Security Analysis
- AI Category: Deep Learning Frameworks
- Risk Domain: Other ATLAS/OWASP Terms
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: ONNX (Open Neural Network Exchange) is an open format and ecosystem for interoperable machine learning models, widely used by deep learning frameworks such as PyTorch, TensorFlow, and ONNX Runtime for model representation, export, and inference.
Related Threats
MITRE ATT&CK Enterprise Techniques
- Application or System Exploitation (T1499.004)
Why these techniques?
The out-of-bounds read in the ONNX library's assert functions allows a malformed ONNX model to crash an application that processes it, which corresponds to endpoint denial of service.
MITRE ATLAS Techniques
- External Harms (AML.T0048)
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.