Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-44512

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. This vulnerability allows a remote attacker to cause an unrecoverable denial of service DoS by providing a specially crafted untrusted model. The flaw occurs when the...

6.5CVSS6.1AI score0.0017EPSS
Exploits1References7
NVD
NVD
added 6 days ago6 views

CVE-2026-44512

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.0017EPSS
Exploits1References4
CVE
CVE
added 6 days ago11 views

CVE-2026-44512

Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...

5.5CVSS6AI score0.0017EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 6 days ago40 views

CVE-2026-44512 ONNX: Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. From 1.9.0 before 1.22.0, onnx.versionconverter.convertversion can dereference a null pointer in Upsample67::adaptupsample67 in onnx/versionconverter/adapters/upsample67.h when processing an untrusted mod...

5.5CVSS0.0017EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/07/07 1:2 p.m.5 views

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6AI score0.0017EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/07/07 1:2 p.m.3 views

GHSA-HWPQ-HMQ9-WJ77 ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

Summary Null pointer dereference SIGSEGV in Upsample67::adaptupsample67 onnx/versionconverter/adapters/upsample67.h:31 when convertversion processes a model with an Upsample node that has zero inputs. The adapter accesses node-inputs0-sizes without checking input count. 107-byte PoC crashes on...

5.5CVSS6AI score0.0017EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.8 views

PT-2026-56215

Name of the Vulnerable Software and Affected Versions Open Neural Network Exchange ONNX versions 1.9.0 through 1.21.0 Description Processing an untrusted model with an Upsample node containing zero inputs can lead to an unrecoverable denial of service. The issue occurs when the onnx.version...

5.5CVSS6AI score0.0017EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/03/23 7:3 a.m.9 views

CVE-2026-4598

A flaw was found in jsrsasign. A remote attacker could exploit this vulnerability by providing specially crafted zero or negative inputs to the bnModInverse function within the BigInteger.modInverse implementation. This could lead to an infinite loop, causing a permanent denial of service DoS by...

8.7CVSS5.7AI score0.00554EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2026/03/23 5:0 a.m.10 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7CVSS5.8AI score0.00554EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/23 5:0 a.m.34 views

CVE-2026-4598

Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the process permanently by supplying such crafted values e.g.,...

8.7CVSS0.00554EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/23 12:0 a.m.7 views

jsrsasign 安全漏洞

jsrsasign is a signature verification library developed by Kenji Urushima. Versions of jsrsasign prior to 11.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the bnModInverse function in ext/jsbn2.js, which could cause infinite loops when processing zero or negative...

8.7CVSS5.8AI score0.00554EPSS
Exploits1References5
Snyk
Snyk
added 2026/02/18 6:5 a.m.17 views

Infinite loop

Overview jsrsasign is a free pure JavaScript cryptographic library. Affected versions of this package are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing an attacker to hang the...

8.7CVSS5.8AI score0.00554EPSS
Exploits1References2
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/15 12:0 a.m.12 views

Duplicate

This advisory duplicates another...

5.9AI score
Exploits0References7Affected Software1
Microsoft CVE
Microsoft CVE
added 2022/12/02 8:0 a.m.6 views

Seg fault in `ndarray_tensor_bridge` due to zero and large inputs in Tensorflow

...

7.5CVSS7.7AI score0.0033EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2021/08/03 2:5 p.m.3 views

glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions

A flaw was found in glibc in versions prior to 2.32. Pseudo-zero values are not validated causing a stack corruption due to a stack-based overflow. The highest threat from this vulnerability is to system availability...

5.5CVSS7.1AI score0.00758EPSS
Exploits1References4
Rows per page
Query Builder