CVE-2024-0087

Published: May 14, 2024Modified: Sep 19, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

NVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitrary file. If this file exists, logs are appended to the file. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Affected (1)

Products: Nvidia: Triton Inference Server

1 product

Triton Inference Server

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Nvidia Triton Inference Server	From 20.10 to 24.04

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Related CWEs

External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

References (2)

https://nvidia.custhelp.com/app/answers/detail/a_id/5535

Source: psirt@nvidia.com

Vendor Advisory

https://nvidia.custhelp.com/app/answers/detail/a_id/5535

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.