CVE-2023-31036

Name of the Vulnerable Software and Affected Versions NVIDIA Triton Inference Server (affected versions not specified)

Description The issue is related to errors in processing relative paths to directories during model loading in NVIDIA Triton Inference Server. This can allow a remote attacker to gain unauthorized access to protected information, elevate privileges, execute arbitrary code, or cause a denial of service using the --model-control explicit configuration. The vulnerability can be exploited through the model load API, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.