Medium

server

Log Injection Vulnerability in Inference Server

The Triton Inference Server versions 24.01 to 24.04 are vulnerable to log injection, allowing attackers to insert arbitrary log entries. This vulnerability, patched in version 24.05, arises from insufficient input sanitization, enabling log forgery and ANSI escape sequence injection.

Available publicly on May 31 2024

4.3

CVSS:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Threat Overview

Log injection in the Triton Inference Server allows attackers to forge log entries by injecting arbitrary data into logs. This vulnerability is particularly dangerous as it can be used to obscure malicious activities, misattribute actions to innocent parties, and manipulate terminal behavior through ANSI escape sequences. The lack of input sanitization for log entries facilitates this issue, undermining the integrity and reliability of log data, which is crucial for security incident investigation and system monitoring.

Attack Scenario

An attacker exploits this vulnerability by crafting a malicious request to the server, including specially formatted input that, when processed, results in arbitrary log entries. These entries can either mask the attacker's activities, falsely implicate another user, or execute ANSI escape sequences in terminals, potentially leading to further exploitation or disruption.

Who is affected

Administrators and users of the Triton Inference Server versions 24.01 through 24.04 are affected by this vulnerability. The risk extends to any system where logs are used for monitoring, troubleshooting, or security analysis, as the integrity of log data is compromised.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.