SAI Security Advisory

Out of bounds read due to lack of string termination in assert

February 23, 2024

Products Impacted

This vulnerability is present in ONNX v1.1.0 up to and including v1.15.0.

CVSS Score: 3.3

AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE Categorization

CWE-125: Out-of-bounds Read

Details

The vulnerability exists within the onnx/common/assertions.cc file, in the barf function. This is triggered when any assert fails and the resulting string is 2048 characters or longer.

std::string barf(const char* fmt, ...) {
  char msg[2048];
  va_list args;

  va_start(args, fmt);
  // Although vsnprintf might have vulnerability issue while using format string with overflowed length,
  // it should be safe here to use fixed length for buffer "msg". No further checking is needed.
  vsnprintf(msg, 2048, fmt, args);
  va_end(args);

  return std::string(msg);
}

In the barf function, which is called by  ONNX_ASSERT and ONNX_ASSERTM a buffer with 2048 bytes is allocated for the generated string. However, in the vsnprintf call 2048 bytes are copied to the buffer before turning the buffer into a string. This means that any strings 2048 bytes or longer will not have a null terminator. When the string is created the program will continue reading past the end of the buffer and will copy arbitrary program memory until a string terminator is reached.

Project URL

https://github.com/onnx/onnx

Patches

https://github.com/onnx/onnx/releases/tag/v1.16.0

Related SAI Security Advisory

CVE-2025-62354

November 26, 2025

Allowlist Bypass in Run Terminal Tool Allows Arbitrary Code Execution During Autorun Mode

Cursor

When in autorun mode, Cursor checks commands sent to run in the terminal to see if a command has been specifically allowed. The function that checks the command has a bypass to its logic allowing an attacker to craft a command that will execute non-allowed commands.

November 2025
CVE-2025-62353

October 17, 2025

Path Traversal in File Tools Allowing Arbitrary Filesystem Access

Windsurf

A path traversal vulnerability exists within Windsurf’s codebase_search and write_to_file tools. These tools do not properly validate input paths, enabling access to files outside the intended project directory, which can provide attackers a way to read from and write to arbitrary locations on the target user’s filesystem.

October 2025