PyPI: onnxruntime

CVE-2022-1941

Transitive (introduced via the bundled protobuf dependency)

Safety vulnerability ID: 53249

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 22, 2022. Updated at Nov 21, 2024.

Advisory

onnxruntime 1.13.1 updates its 'protobuf' dependency to v3.18.3 to include the security fix for CVE-2022-1941.
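Since the fix ships in onnxruntime 1.13.1, a quick environment check before loading models from untrusted sources is to compare the installed version. A minimal sketch, assuming a plain release version string:

```python
# Minimal sketch: assert the installed onnxruntime already bundles the
# patched protobuf (the advisory marks 1.13.1 as the first fixed release).
from importlib.metadata import version

ort_version = tuple(int(p) for p in version("onnxruntime").split(".")[:3])
assert ort_version >= (1, 13, 1), (
    "onnxruntime < 1.13.1 bundles a protobuf affected by CVE-2022-1941; "
    "upgrade before loading ONNX models from untrusted sources"
)
```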

Affected package

onnxruntime

Latest version: 1.20.1

ONNX Runtime is a runtime accelerator for Machine Learning models

Affected versions: <1.13.1

Fixed versions: 1.13.1

Vulnerability changelog

Announcements
* Security issues addressed by this release
1. A protobuf security issue, CVE-2022-1941, that impacts users who load ONNX models from untrusted sources, for example a deep learning inference service that lets users upload models and then runs inference in a shared environment.
2. An ONNX security vulnerability that allows reading of tensor_data outside the model directory, enabling attackers to read or write arbitrary files on an affected system that loads ONNX models from untrusted sources. (12915)
* Deprecations
* CUDA 10.x support at source code level
* Windows 8.x support in Nuget/C API prebuilt binaries. Support for Windows 7+ Desktop versions (including Windows servers) will be retained by building ONNX Runtime from source.
* NUPHAR EP code is removed
* Dependency versioning updates
* A C++17 compiler is now required to build ORT from source. On Linux, GCC version >= 7.0 is required.
* Minimal numpy version bumped to 1.21.6 (from 1.21.0) for ONNX Runtime Python packages
* Official ONNX Runtime GPU packages now require CUDA version >=11.6 instead of 11.4.

General
* Expose all arena configs in the Python API in an extensible way (see the sketch after this list)
* Fix ARM64 NuGet packaging
* Fix EP allocator setup issue affecting TVM EP
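A minimal sketch of that extensible arena configuration: `OrtArenaCfg` takes a plain dict of settings, so new keys can be added over time without changing the constructor signature. The key names and values below follow the ORT memory-arena documentation and should be treated as assumptions to verify against your installed version:

```python
import onnxruntime as ort

# Sketch: build an arena config from a dict; because the constructor takes
# key/value pairs, new arena knobs can be exposed without API breaks.
arena_cfg = ort.OrtArenaCfg({
    "max_mem": 0,                    # 0 lets ORT pick the upper bound
    "arena_extend_strategy": 0,      # 0 = kNextPowerOfTwo, 1 = kSameAsRequested
    "initial_chunk_size_bytes": -1,  # -1 keeps the built-in default
    "max_dead_bytes_per_chunk": -1,  # -1 keeps the built-in default
})
```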

Performance
* Transformers CUDA improvements
* Quantization on GPU for BERT - notebook, documentation on QAT, transformer optimization toolchain and quantized kernels.
* Add fused attention CUDA kernels for BERT.
* Fuse `Add` (bias) and `Transpose` of Q/K/V into one kernel for Attention and LongformerAttention.
* Reduce GEMM computation in LongformerAttention with a new weight format.
* General quantization (tool and kernel)
* [Quantization debugging tool](https://onnxruntime.ai/docs/performance/quantization.html#quantization-debugging) - identify sensitive node/layer from accuracy drop discrepancies
* New quantize API based on QuantConfig (see the sketch after this list)
* New quantized operators: SoftMax, Split, Where
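As a concrete illustration of the quantization tooling above, here is a minimal dynamic-quantization sketch using the long-standing `quantize_dynamic` entry point; the file paths are placeholders, and the assumption here is that the new QuantConfig-based `quantize` API mentioned in the notes wraps the same machinery (verify against the 1.13 docs):

```python
# Minimal sketch: dynamic (weight-only) int8 quantization of an ONNX model.
# "model.onnx" and "model.quant.onnx" are hypothetical paths.
from onnxruntime.quantization import QuantType, quantize_dynamic

quantize_dynamic(
    model_input="model.onnx",
    model_output="model.quant.onnx",
    weight_type=QuantType.QInt8,  # store weights as signed 8-bit integers
)
```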

Execution Providers
* CUDA EP
* Official ONNX Runtime GPU packages are now built with CUDA version 11.6 instead of 11.4, but should still be backwards compatible with 11.4
* TensorRT EP
* Build option to link against pre-built onnx-tensorrt parser; this enables potential "no-code" TensorRT minor version upgrades and can be used to build against TensorRT 8.5 EA
* Improved nested control flow support
* Improve HashId generation used for uniquely identifying TRT engines. Addresses issues such as [TRT Engine Cache Regeneration Issue](https://github.com/triton-inference-server/onnxruntime_backend/issues/145)
* TensorRT uint8 support
* OpenVINO EP
* OpenVINO version upgraded to 2022.2.0
* Support for INT8 QDQ models from [NNCF](https://github.com/openvinotoolkit/nncf/tree/develop/examples/experimental/onnx/)
* Support for Intel 13th Gen Core Processors (Raptor Lake)
* Preview support for Intel discrete graphics cards [Intel Data Center GPU Flex Series](https://www.intel.com/content/www/us/en/products/docs/discrete-gpus/data-center-gpu/flex-series/overview.html) and [Intel Arc GPU](https://www.intel.com/content/www/us/en/products/details/discrete-gpus/arc.html)
* Increased test coverage for GPU Plugin
* SNPE EP
* Add support for [Windows Dev Kit 2023](https://onnxruntime.ai/winarm.html)
* [Nuget Package](https://www.nuget.org/packages/Microsoft.ML.OnnxRuntime.Snpe) is now available
* DirectML EP
* Update to [DML 1.9.1](https://www.nuget.org/packages/Microsoft.AI.DirectML/1.9.1)
* [New ops](https://github.com/microsoft/onnxruntime/blob/main/docs/OperatorKernels.md#dmlexecutionprovider): [LayerNormalization](https://github.com/microsoft/onnxruntime/pull/12809), [Gelu](https://github.com/microsoft/onnxruntime/pull/12898/), MatMulScale, [DFT](https://github.com/microsoft/onnxruntime/pull/12710), [FusedMatMul](https://github.com/microsoft/onnxruntime/pull/12898/) (contrib)
* Bug fixes: InstanceNormalization with 3D tensors (12693), squeezing all axes when empty (12649), and GEMM broken in opsets 11 and 13 when the optional tensor C is not provided (12568)
* **[new]** CANN EP - Initial integration of the CANN EP, contributed by Huawei to support Ascend 310 (11477); provider selection works as in the sketch after this list
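Whichever EP you target, selection in the Python API is an ordered preference list per session, and ORT falls back down the list when a provider is unavailable. A minimal sketch ("model.onnx" is a placeholder path):

```python
import onnxruntime as ort

# Sketch: ask for the CUDA EP first and fall back to CPU when the CUDA EP
# is not present in this build or environment.
sess = ort.InferenceSession(
    "model.onnx",
    providers=["CUDAExecutionProvider", "CPUExecutionProvider"],
)
print(sess.get_providers())  # the providers that were actually enabled
```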

Mobile
* EP infrastructure
* Implemented support for additional EPs that use static kernels
* Required for EPs like XNNPACK to be supported in minimal build
* Removes need for kernel hashes to reduce maintenance overhead for developers
* NOTE: ORT format models will need to be regenerated as the format change is NOT backwards compatible. We're replacing hashes for the CPU EP kernels with operator constraint information for operators used by the model so that we can match any static kernels available at runtime.
* XNNPack
* Added more kernels including QDQ format model support
* AveragePool, Softmax
* QLinearConv, QLinearAveragePool, QLinearSoftmax
* Added support for XNNPACK using threadpool
* See [documentation](https://onnxruntime.ai/docs/execution-providers/Xnnpack-ExecutionProvider.html) for recommendations on how to configure the XNNPACK threadpool
* ORT format model peak memory usage
* Added the ability to use the ORT format model bytes directly for initializers, reducing peak memory usage
* Enabled via SessionOptions config entries: set "session.use_ort_model_bytes_directly" and "session.use_ort_model_bytes_for_initializers" to "1" (see https://onnxruntime.ai/docs/reference/ort-format-models.html#load-ort-format-model-from-an-in-memory-byte-array and the sketch after this section)
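A minimal sketch of those session options, loading an ORT format model from an in-memory byte array ("model.ort" is a placeholder path). When the bytes are used directly, the caller must keep the buffer alive for the session's lifetime:

```python
import onnxruntime as ort

so = ort.SessionOptions()
# Use the caller's model bytes directly instead of copying them into ORT...
so.add_session_config_entry("session.use_ort_model_bytes_directly", "1")
# ...and let initializers point into those bytes to cut peak memory usage.
so.add_session_config_entry("session.use_ort_model_bytes_for_initializers", "1")

with open("model.ort", "rb") as f:
    model_bytes = f.read()

sess = ort.InferenceSession(
    model_bytes,
    sess_options=so,
    providers=["CPUExecutionProvider"],
)
```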

Web
* Support for 4 GB of memory in WebAssembly
* Upgraded Emscripten to 3.1.19
* Build-from-source support for [onnxruntime-extensions](https://github.com/microsoft/onnxruntime-extensions) and [sentencepiece](https://github.com/microsoft/onnxruntime-extensions/blob/main/docs/custom_ops.md#sentencepiecetokenizer)
* Initial XNNPACK support for Wasm optimizations

Training
* Training packages updated to CUDA version 11.6; CUDA 10.2 and 11.3 packages removed
* Performance improvements via op fusions such as BiasSoftmax and Dropout fusion and Gather-to-Split fusion, targeting SOTA models
* Added ATen support for GroupNorm, InstanceNormalization, and Upsample nearest
* Bug fixes for SimplifiedLayerNorm and a segfault in alltoall
---
Contributions
Contributors to ONNX Runtime include members across teams at Microsoft, along with our community members:
[snnn](https://github.com/snnn), [baijumeswani](https://github.com/baijumeswani), [edgchen1](https://github.com/edgchen1), [iK1D](https://github.com/iK1D), [skottmckay](https://github.com/skottmckay), [cloudhan](https://github.com/cloudhan), [tianleiwu](https://github.com/tianleiwu), [fs-eire](https://github.com/fs-eire), [mszhanyi](https://github.com/mszhanyi), [WilBrady](https://github.com/WilBrady), [hariharans29](https://github.com/hariharans29), [chenfucn](https://github.com/chenfucn), [fdwr](https://github.com/fdwr), [yuslepukhin](https://github.com/yuslepukhin), [wejoncy](https://github.com/wejoncy), [PeixuanZuo](https://github.com/PeixuanZuo), [pengwa](https://github.com/pengwa), [yufenglee](https://github.com/yufenglee), [jchen351](https://github.com/jchen351), [justinchuby](https://github.com/justinchuby), [dependabot\[bot\]](https://github.com/apps/dependabot), [RandySheriffH](https://github.com/RandySheriffH), [sumitsays](https://github.com/sumitsays), [wschin](https://github.com/wschin), [wangyems](https://github.com/wangyems), [YUNQIUGUO](https://github.com/YUNQIUGUO), [ytaous](https://github.com/ytaous), [pranavsharma](https://github.com/pranavsharma), [vvchernov](https://github.com/vvchernov), [natke](https://github.com/natke), [Craigacp](https://github.com/Craigacp), [RandyShuai](https://github.com/RandyShuai), [smk2007](https://github.com/smk2007), [zhangyaobit](https://github.com/zhangyaobit), [jcwchen](https://github.com/jcwchen), [yihonglyu](https://github.com/yihonglyu), [georgen117](https://github.com/georgen117), [chilo-ms](https://github.com/chilo-ms), [ashbhandare](https://github.com/ashbhandare), [faxu](https://github.com/faxu), [jstoecker](https://github.com/jstoecker), [gramalingam](https://github.com/gramalingam), [garymm](https://github.com/garymm), [jeffbloo](https://github.com/jeffbloo), [xadupre](https://github.com/xadupre), [jywu-msft](https://github.com/jywu-msft), [askhade](https://github.com/askhade), [RyanUnderhill](https://github.com/RyanUnderhill), [thiagocrepaldi](https://github.com/thiagocrepaldi), [mindest](https://github.com/mindest), [jingyanwangms](https://github.com/jingyanwangms), [wenbingl](https://github.com/wenbingl), [ashari4](https://github.com/ashari4), [sfatimar](https://github.com/sfatimar), [MaajidKhan](https://github.com/MaajidKhan), [souptc](https://github.com/souptc), [HectorSVC](https://github.com/HectorSVC), [weixingzhang](https://github.com/weixingzhang), [zhanghuanrong](https://github.com/zhanghuanrong)


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

| Metric | Value |
| --- | --- |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | LOW |
| Privileges Required (PR) | NONE |
| User Interaction (UI) | NONE |
| Scope (S) | UNCHANGED |
| Confidentiality Impact (C) | NONE |
| Integrity Impact (I) | NONE |
| Availability Impact (A) | HIGH |
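The 7.5 base score follows from the metrics above. As a check, here is the CVSS v3.1 base-score arithmetic using the weights published in the first.org v3.1 specification (a sketch of the scoring formula, not an official calculator):

```python
import math

# Sketch: recompute the CVSS v3.1 base score for the vector
# AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
AV, AC, PR, UI = 0.85, 0.77, 0.85, 0.85    # Network, Low, None, None
C, I, A = 0.0, 0.0, 0.56                   # None, None, High

iss = 1 - (1 - C) * (1 - I) * (1 - A)      # impact sub-score = 0.56
impact = 6.42 * iss                        # Scope: Unchanged
exploitability = 8.22 * AV * AC * PR * UI  # ~3.887

# CVSS "roundup": smallest value with one decimal >= the raw score.
base = math.ceil(min(impact + exploitability, 10.0) * 10) / 10
print(base)  # 7.5 -> HIGH
```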