CVE-2024-0095

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-0095
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.

9.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5546 Vendor Advisory
https://nvidia.custhelp.com/app/answers/detail/a_id/5546 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*
OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

26 Sep 2025, 23:41

Type Values Removed Values Added
First Time Microsoft
Nvidia
Nvidia triton Inference Server
Linux
Microsoft windows
Linux linux Kernel
CPE cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5546 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5546 - Vendor Advisory

21 Nov 2024, 08:45

Type Values Removed Values Added
References () https://nvidia.custhelp.com/app/answers/detail/a_id/5546 - () https://nvidia.custhelp.com/app/answers/detail/a_id/5546 -

17 Jun 2024, 12:43

Type Values Removed Values Added
Summary
  • (es) NVIDIA Triton Inference Server para Linux y Windows contiene una vulnerabilidad en la que un usuario puede inyectar registros falsificados y comandos ejecutables inyectando datos arbitrarios como una nueva entrada de registro. Una explotación exitosa de esta vulnerabilidad podría provocar la ejecución de código, denegación de servicio, escalada de privilegios, divulgación de información y manipulación de datos.

13 Jun 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-13 22:15

Updated : 2025-09-26 23:41

NVD link : CVE-2024-0095

Mitre link : CVE-2024-0095

CVE.ORG link : CVE-2024-0095

JSON object : View

Products Affected

linux

  • linux_kernel

nvidia

  • triton_inference_server

microsoft

  • windows
CWE
CWE-117

Improper Output Neutralization for Logs