CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-hwpq-hmq9-wj77: ONNX has Null Pointer Dereference in Upsample Version Converter Adapter (Zero Inputs)

mediumCVSS 5.5CVE-2026-44512
Summary Null pointer dereference (SIGSEGV) in Upsample_6_7::adapt_upsample_6_7() (onnx/version_converter/adapters/upsample_6_7.h:31) when convert_version() processes a model with an Upsample node that has zero inputs. The adapter accesses node->inputs()[0]->sizes() without checking input count. 107-byte PoC crashes on Release build. This is the same class of bug as the Cast adapter advisory (separate report) but in a different adapter, different file, and different operator. Details The Upsample 6→7 adapter validates attributes but not inputs: // upsample_6_7.h:20-33 void adapt_upsample_6_7(..., Node* node) const { ONNX_ASSERTM( node->hasAttribute(width_scale_symbol) && node->hasAttribute(height_scale_symbol), "...") // Attribute check PASSES auto width_scale = node->f(width_scale_symbol); auto height_scale = node->f(height_scale_symbol); auto input_shape = node->inputs()[0]->sizes(); // ^^^^^^^^^^^^^^^^^^^^ // OOB when inputs().size() == 0 → SIGSEGV } The PoC has an Upsample node at opset 6 with the required width_scale and height_scale attributes but zero inputs. The attribute assertions pass, then node->inputs()[0] on an empty ArrayRef: - Release builds (NDEBUG): bounds-check assertion compiled out → reads garbage pointer → SIGSEGV - Debug builds: assert(Index < Length) at array_ref.h:159 → SIGABRT An Upsample node with zero inputs passes graphProtoToGraph() because the import code only resolves input names present in the protobuf. PoC import base64 import onnx from onnx import version_converter poc_b64 = "CAI6YQo8EgFZIghVcHNhbXBsZSoVCgt3aWR0aF9zY2FsZRUAAABAoAEBKhYKDGhlaWdodF9zY2FsZRUAAABAoAEBEgR0ZXN0YhsKAVkSFgoUCAESEAoCCAEKAggBCgIIBAoCCARCBAoAEAY=" model = onnx.load_from_string(base64.b64decode(poc_b64)) CRASHES — Upsample_6_7 adapter dereferences empty inputs array version_converter.convert_version(model, 7) # SIGSEGV 107-byte PoC. Confirmed SIGSEGV on both onnx 1.21.0 (pip) and 1.22.0 (source build). Impact Any application that uses onnx.versi

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
medium — CVSS 5.5
Published
2026-07-07
Last updated
2026-07-07
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-hwpq-hmq9-wj77

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-44512coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from GitHub Security Advisories