{"data":{"id":"87c7523e-461c-47af-b4c0-30d8e18ee07e","title":"GHSA-hwpq-hmq9-wj77: ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)","summary":"ONNX has a null pointer dereference (a crash caused by accessing invalid memory) in its version converter when processing Upsample nodes that have zero inputs. The converter checks that required attributes exist but fails to verify that the node actually has inputs before trying to access them, causing a crash (SIGSEGV) when converting models from opset version 6 to 7.","solution":"All affected adapters, including the Upsample_6_7 adapter, have been fixed in PR #7813. A full audit of all ~45 adapters identified eight adapters with the same unguarded indexed access vulnerability (cast_9_8, softmax_12_13, softmax_13_12, upsample_6_7, upsample_9_10, group_normalization_20_21, broadcast_forward_compatibility, upsample_9_8), and all have been corrected.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-hwpq-hmq9-wj77","publishedAt":"2026-07-07T13:02:10.000Z","cveId":"CVE-2026-44512","cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":["onnx@>= 1.9.0, < 1.22.0 (fixed: 1.22.0)"],"affectedVendors":[],"affectedVendorsRaw":["ONNX"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-07T13:02:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}