We use cookies to improve your experience on our site.
AVID-2026-R1342
Description
CVE (CVE-2024-0095)
Details
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
Reason for inclusion in AVID: CVE-2024-0095 describes a vulnerability in NVIDIA Triton Inference Server (a software component used to deploy and serve AI models). The issue enables forged log injection that can lead to code execution, DoS, privilege escalation, information disclosure, and data tampering. This directly concerns AI systems and their software stack, as Triton is a common component in model serving pipelines. It is a software supply-chain relevant vulnerability (dependencies/servers used to run AI workloads) and clearly qualifies as a security/safety vulnerability with actionable impact. The description and references provide sufficient signal to classify it for AVID curation.
References
Affected or Relevant Artifacts
- Developer: nvidia
- Deployer: nvidia
- Artifact Details:
| Type | Name |
|---|---|
| System | NVIDIA Triton Inference Server |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H |
| Base Score | 4.3 |
| Base Severity | 🟠 Medium |
CWE
| ID | Description |
|---|---|
| CWE-117 | CWE-117 |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-06-13
- Version: 0.3.3
- AVID Entry