# PoC: ExecuTorch Out-of-bounds Read via Crafted .pte File
## Vulnerability
Out-of-bounds heap read in ExecuTorch `Program::load()` and metadata accessors when processing a crafted `.pte` file. The default loading path (`Verification::Minimal`) does not run the FlatBuffers Verifier, so crafted offsets cause SIGSEGV when accessing program metadata.
**CWE:** CWE-125 (Out-of-bounds Read)

**Tested:** `executorch==1.1.0` (pip), source commit `a17428b33d7cdb0bc4b4917da4e487dbcfe4173d`
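
The kind of bounds checking that is skipped on the default path can be sketched as a pre-load triage step for untrusted files. This is an added example, not code from ExecuTorch or from this PoC: the function name `check_root_table` and the sample buffers are constructed here, and it covers only the generic FlatBuffers root table and vtable layout, not the ExecuTorch schema.

```python
import struct

def check_root_table(buf: bytes) -> list:
    """Bounds-check a FlatBuffers root table and its vtable; [] means in bounds."""
    n = len(buf)
    if n < 8:
        return ["buffer too short to hold a root offset"]
    # Bytes 0-3: little-endian offset from buffer start to the root table.
    (root,) = struct.unpack_from("<I", buf, 0)
    if root < 4 or root % 4 or root + 4 > n:
        return [f"root offset {root:#x} out of bounds for {n}-byte buffer"]
    # The table starts with a signed offset; the vtable sits at table - soffset.
    (soffset,) = struct.unpack_from("<i", buf, root)
    vtable = root - soffset
    if vtable < 0 or vtable % 2 or vtable + 4 > n:
        return [f"vtable offset {vtable:#x} out of bounds"]
    # Vtable header: its own size in bytes, then the inline size of the table.
    vt_size, table_size = struct.unpack_from("<HH", buf, vtable)
    if vt_size < 4 or vt_size % 2 or vtable + vt_size > n:
        return [f"vtable size {vt_size} runs past the buffer"]
    problems = []
    if table_size < 4 or root + table_size > n:
        problems.append(f"table size {table_size} runs past the buffer")
    # Each remaining vtable slot is a field offset relative to the table (0 = absent).
    for slot in range((vt_size - 4) // 2):
        (field,) = struct.unpack_from("<H", buf, vtable + 4 + 2 * slot)
        if field and not 4 <= field < table_size:
            problems.append(f"field {slot} offset {field} outside table")
    return problems

def _sample(root=16, soffset=8, field=4):
    # Constructed 24-byte buffer: root offset, 4 unused bytes, vtable at 8, table at 16.
    return struct.pack("<I4sHHHHiI", root, b"\0" * 4, 6, 8, field, 0, soffset, 42)

GOOD = _sample()                           # constructed, structurally valid
BAD_ROOT = _sample(root=0x1000)            # constructed, root offset past the end
BAD_VTABLE = _sample(soffset=-0x7FFF0000)  # constructed, vtable far outside the buffer
BAD_FIELD = _sample(field=0x40)            # constructed, field offset outside the table

if __name__ == "__main__":
    for name in ("GOOD", "BAD_ROOT", "BAD_VTABLE", "BAD_FIELD"):
        print(name, check_root_table(globals()[name]) or "ok")
```

A clean result here only means the root table and vtable are in bounds; strings, vectors and nested tables need the schema-aware FlatBuffers Verifier that the default loading path does not run.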
## Reproduction
```bash
pip install executorch==1.1.0
python3 reproduce.py
```
Expected output:
```
[*] Testing: poc_flatbuf_oob.pte (64 bytes)
Loading program... (should crash)
Segmentation fault (core dumped)
```
## Files
- `poc_flatbuf_oob.pte` — 64-byte crafted .pte file (triggers SEGV in `get_execution_plan()` via `strcmp` on invalid pointer)
- `poc_vtable_oob.pte` — 64-byte crafted .pte file (triggers SEGV in `get_method_name()` via invalid VTable offset)
- `reproduce.py` — Self-contained Python reproduction script