ГлавнаяУязвимости → CVE-2023-31036
7.5высокая

CVE-2023-31036

Описание

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Затрагиваемое ПО
Nvidia Triton inference serverLinux Linux kernelMicrosoft Windows
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://nvidia.custhelp.com/app/answers/detail/a_id/5509https://nvidia.custhelp.com/app/answers/detail/a_id/5509