NVIDIA Triton Inference Server up to 24.04 on Linux/Windows neutralization for logs
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.5 | $0-$5k | 0.00 |
Summary
A vulnerability marked as critical has been reported in NVIDIA Triton Inference Server up to 24.04 on Linux/Windows. This issue affects some unknown processing. Performing a manipulation results in neutralization for logs. This vulnerability was named CVE-2024-0095. The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.
Details
A vulnerability was found in NVIDIA Triton Inference Server up to 24.04 on Linux/Windows. It has been classified as critical. This affects an unknown code. The manipulation with an unknown input leads to a neutralization for logs vulnerability. CWE is classifying the issue as CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
It is possible to read the advisory at nvidia.custhelp.com. This vulnerability is uniquely identified as CVE-2024-0095 since 12/02/2023. The exploitability is told to be easy. It is possible to initiate the attack remotely. Additional levels of successful authentication are necessary for exploitation. The technical details are unknown and an exploit is not publicly available.
Upgrading eliminates this vulnerability.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.nvidia.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.6VulDB Meta Temp Score: 7.5
VulDB Base Score: 6.7
VulDB Temp Score: 6.4
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 7.2
NVD Vector: 🔍
CNA Base Score: 9.0
CNA Vector (NVIDIA Corporation): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Neutralization for logsCWE: CWE-117 / CWE-116 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
12/02/2023 🔍06/14/2024 🔍
06/14/2024 🔍
09/27/2025 🔍
Sources
Vendor: nvidia.comAdvisory: nvidia.custhelp.com
Status: Confirmed
CVE: CVE-2024-0095 (🔍)
GCVE (CVE): GCVE-0-2024-0095
GCVE (VulDB): GCVE-100-268503
Entry
Created: 06/14/2024 04:58Updated: 09/27/2025 02:14
Changes: 06/14/2024 04:58 (62), 06/18/2024 14:08 (1), 09/27/2025 02:14 (12)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.