Skip to content

fix(deps): update dependency onnx to v1.22.0 [security]#6993

Merged
oep-renovate[bot] merged 2 commits into
developfrom
renovate/pypi-onnx-vulnerability
Jul 8, 2026
Merged

fix(deps): update dependency onnx to v1.22.0 [security]#6993
oep-renovate[bot] merged 2 commits into
developfrom
renovate/pypi-onnx-vulnerability

Conversation

@oep-renovate

@oep-renovate oep-renovate Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
onnx ==1.21.0==1.22.0 age confidence

ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

CVE-2026-44512 / GHSA-hwpq-hmq9-wj77

More information

Details

Summary

Null pointer dereference (SIGSEGV) in Upsample_6_7::adapt_upsample_6_7() (onnx/version_converter/adapters/upsample_6_7.h:31) when convert_version() processes a model with an Upsample node that has zero inputs. The adapter accesses node->inputs()[0]->sizes() without checking input count. 107-byte PoC crashes on Release build.

This is the same class of bug as the Cast adapter advisory (separate report) but in a different adapter, different file, and different operator.

Details

The Upsample 6→7 adapter validates attributes but not inputs:

// upsample_6_7.h:20-33
void adapt_upsample_6_7(..., Node* node) const {
    ONNX_ASSERTM(
        node->hasAttribute(width_scale_symbol) && node->hasAttribute(height_scale_symbol),
        "...")  // Attribute check PASSES

    auto width_scale = node->f(width_scale_symbol);
    auto height_scale = node->f(height_scale_symbol);

    auto input_shape = node->inputs()[0]->sizes();
    //                 ^^^^^^^^^^^^^^^^^^^^
    //                 OOB when inputs().size() == 0 → SIGSEGV
}

The PoC has an Upsample node at opset 6 with the required width_scale and height_scale attributes but zero inputs. The attribute assertions pass, then node->inputs()[0] on an empty ArrayRef:

  • Release builds (NDEBUG): bounds-check assertion compiled out → reads garbage pointer → SIGSEGV
  • Debug builds: assert(Index < Length) at array_ref.h:159 → SIGABRT

An Upsample node with zero inputs passes graphProtoToGraph() because the import code only resolves input names present in the protobuf.

PoC
import base64
import onnx
from onnx import version_converter

poc_b64 = "CAI6YQo8EgFZIghVcHNhbXBsZSoVCgt3aWR0aF9zY2FsZRUAAABAoAEBKhYKDGhlaWdodF9zY2FsZRUAAABAoAEBEgR0ZXN0YhsKAVkSFgoUCAESEAoCCAEKAggBCgIIBAoCCARCBAoAEAY="

model = onnx.load_from_string(base64.b64decode(poc_b64))

##### CRASHES — Upsample_6_7 adapter dereferences empty inputs array
version_converter.convert_version(model, 7)  # SIGSEGV

107-byte PoC. Confirmed SIGSEGV on both onnx 1.21.0 (pip) and 1.22.0 (source build).

Impact

Any application that uses onnx.version_converter.convert_version() on untrusted models is vulnerable. This includes model conversion pipelines and tools that auto-upgrade opset versions for compatibility. The crash is unrecoverable (SIGSEGV).

This vulnerability is part of a systemic pattern across multiple version converter adapters. A full audit of all ~45 adapters was performed as part of the fix; eight adapters were found with the same class of unguarded indexed access (cast_9_8, softmax_12_13, softmax_13_12, upsample_6_7, upsample_9_10, group_normalization_20_21, broadcast_forward_compatibility, upsample_9_8) and all have been fixed in PR #​7813.

Severity

  • CVSS Score: 5.5 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).


Release Notes

onnx/onnx (onnx)

v1.22.0

Compare Source

ONNX v1.22.0 is now available with exciting new features! We would like to thank everyone who contributed to this release!
Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations
Spec and Operator

Two new operators LinearAttention-27 and CausalConvWithState-27 were introduced.

Reference Implementation
Utilities and Tools
Build, CI and Tests
Documentation
Other Changes

New Contributors

Full Changelog: onnx/onnx@v1.21.0...v1.22.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

Signed-off-by: oep-renovate[bot] <212772560+oep-renovate[bot]@users.noreply.github.com>
@oep-renovate oep-renovate Bot requested review from a team and sys-geti as code owners July 8, 2026 03:07
@oep-renovate oep-renovate Bot enabled auto-merge July 8, 2026 03:07
@github-actions github-actions Bot added DEPENDENCY Any changes in any dependencies (new dep or its version) should be produced via Change Request on PM BUILD Geti Library Issues related to Geti Library (OTX) labels Jul 8, 2026
sys-geti
sys-geti previously approved these changes Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

⏱️ Backend import time — app.main

Accelerator Cumulative (s) Self (s)
cpu 4.473 0.003
xpu 4.501 0.003
cuda 4.960 0.003

@codecov-commenter

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

🐳 Docker image sizes

Device Size
cuda 10208.3 MB (9.97 GB)
xpu 10801.7 MB (10.55 GB)
cpu 4013.1 MB (3.92 GB)

Signed-off-by: Barabanov, Alexander <alexander.barabanov@intel.com>
@AlexanderBarabanov AlexanderBarabanov requested a review from a team as a code owner July 8, 2026 09:35
@github-actions github-actions Bot added the Geti Backend Issues related to the Geti application server label Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown

📊 Test coverage report

Metric Coverage
Lines 60.0%
Functions 56.7%
Branches 51.5%
Statements 59.6%

@oep-renovate oep-renovate Bot added this pull request to the merge queue Jul 8, 2026
Merged via the queue into develop with commit 99e3727 Jul 8, 2026
54 checks passed
@oep-renovate oep-renovate Bot deleted the renovate/pypi-onnx-vulnerability branch July 8, 2026 16:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

BUILD DEPENDENCY Any changes in any dependencies (new dep or its version) should be produced via Change Request on PM Geti Backend Issues related to the Geti application server Geti Library Issues related to Geti Library (OTX)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants