onnx/onnx
cpe:2.3:a:linuxfoundation:onnx:*:*:*:*:*:*:*
- <= 1.16.1
A vulnerability exists in the ONNX framework, specifically in the download_model function, in versions up to and including 1.16.1. Because the function extracts downloaded tar archives without checking member paths for traversal sequences, a malicious tar file can overwrite arbitrary files in the user's directory, potentially leading to remote command execution.
Exploitation results in arbitrary file overwriting in the user's directory, with the possibility of remote command execution if certain conditions are met (for example, if a file that is later executed or imported is among those overwritten).
The vulnerability can be reproduced by creating a malicious tar file that contains a path traversal payload, such as a member named '../poc.txt'. When this tar file is hosted on a local server and fetched with the ONNX download_model function, the archive contents are extracted without validation of member paths, and the traversal member is written outside the intended directory, overwriting files in the process.
Users are advised to update to ONNX version 1.16.2 or later, where this vulnerability has been fixed.
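The fix for this class of bug is to validate every archive member against the extraction directory before writing anything. The following is an added example of such a check (not ONNX project code); it assumes a Linux path layout and uses the hypothetical destination /tmp/models, and it also covers symlink, hard-link and device members, which are further escape routes beyond the '../poc.txt' case the advisory describes.

```python
import io
import os
import tarfile


class UnsafeArchiveMember(Exception):
    """A tar member would write or link outside the destination directory."""


def _inside(dest_real: str, path: str) -> bool:
    """True if path (after resolving '..', symlinks, absolute names) stays under dest."""
    return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real


def member_is_safe(member: tarfile.TarInfo, dest: str) -> bool:
    """Reject traversal ('../poc.txt'), absolute names, escaping links and special files."""
    dest_real = os.path.realpath(dest)
    target = os.path.join(dest_real, member.name)
    if not _inside(dest_real, target):
        return False
    if member.issym():  # symlink target is relative to the member's own directory
        return _inside(dest_real, os.path.join(os.path.dirname(target), member.linkname))
    if member.islnk():  # hard link target is relative to the archive root
        return _inside(dest_real, os.path.join(dest_real, member.linkname))
    return not (member.isdev() or member.isfifo())


def unsafe_members(tar_bytes: bytes, dest: str) -> list[str]:
    """Names of all members that fail the check (empty list means the archive is clean)."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        return [m.name for m in tf.getmembers() if not member_is_safe(m, dest)]


def safe_extract(tar_bytes: bytes, dest: str) -> list[str]:
    """Validate every member first, then extract; returns the extracted member names."""
    bad = unsafe_members(tar_bytes, dest)
    if bad:
        raise UnsafeArchiveMember(f"refusing to extract {bad!r} into {dest}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        tf.extractall(dest)  # Python 3.12+ also offers extractall(dest, filter="data")
        return [m.name for m in tf.getmembers()]


def build_tar(files: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory tar containing the given regular files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

A downloader should call `safe_extract` in place of a bare `extractall`; the archive in `unsafe_members` is never written to disk until every member has passed the check.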