CVE-2024-0095

CRITICAL

Nvidia Triton Inference Server < 24.05 - Denial of Service

Title source: rule

Description

NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

References (1)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5546

Scores

CVSS v3 9.0

EPSS 0.0050

EPSS Percentile 66.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-117

Status published

Products (1)

nvidia/triton_inference_server 20.10 - 24.05

Published Jun 13, 2024

Tracked Since Feb 18, 2026