ONNX Path Traversal Vulnerability in save_external_data Function Allows Arbitrary File Overwrite

A path traversal vulnerability has been identified in the ONNX library, specifically in version 1.17.0. The issue arises in the 'save_external_data' function, where the lack of proper validation on user-controlled paths in the 'external_data' field allows attackers to craft malicious tensor data. By using traversal sequences, they can escape intended directory restrictions and overwrite arbitrary files on the system.

Impact

Exploitation of this vulnerability allows for arbitrary file overwriting, which could lead to remote code execution by overwriting files with malicious scripts or payloads. Additionally, it could cause the deletion or corruption of important system, personal, or application files.

Reproduction

To reproduce this vulnerability, create a TensorProto object and craft the 'external_data' locations to include traversal sequences that escape the intended directory. Then, use the 'save_external_data' function to write the data, which will overwrite the specified files.

Remediation

Users can update to ONNX version 1.18.0 or later, where this vulnerability has been fixed.