ONNX Runtime OOM DoS — Proof of Concept
Vulnerability
CWE-770: Unbounded memory allocation in ONNX Runtime C++ core during initializer parsing.
ONNX Runtime allocates memory based on TensorProto.dims without checking total size.
Impact
136-byte model → 2^60 element allocation → std::bad_alloc → process crash.
Files
malicious_oom.onnx — Malicious ONNX model (136 bytes)
poc_exploit.py — Exploit script (generator)
vulnerability_report.md — Full technical report
Reproduction
pip install onnxruntime
python3 poc_exploit.py
python3 -c "import onnxruntime; onnxruntime.InferenceSession('malicious_oom.onnx')"
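One way to guard a loader against the unchecked TensorProto.dims described above is to inspect initializer shapes before the file reaches InferenceSession. This is an added example, not code from this repository or from ONNX Runtime; MAX_ELEMENTS, SAMPLE and the function names are assumptions made for illustration, and the field numbers are those in onnx.proto.

```python
import math

MAX_ELEMENTS = 1 << 28  # assumed per-initializer cap; tune to the models you expect
# Constructed fragment (not a loadable model): initializers "w" [2**60] and "b" [2, 3].
SAMPLE = bytes.fromhex("3a1a 2a0f 08 8080808080808080 10 1001 420177 2a07 0802 0803 420162")

def _varint(buf, i):  # decode one protobuf varint at buf[i] -> (value, next index)
    val = shift = 0
    while True:
        val |= (buf[i] & 0x7F) << shift
        shift, i = shift + 7, i + 1
        if not buf[i - 1] & 0x80:
            return val, i

def _fields(buf):  # yield (field number, wire type, value) for one serialized message
    i = 0
    while i < len(buf):
        key, i = _varint(buf, i)
        num, wt = key >> 3, key & 7
        if wt == 0:                                   # varint
            val, i = _varint(buf, i)
        elif wt in (1, 2, 5):                         # fixed64, length-delimited, fixed32
            n, i = (8, i) if wt == 1 else (4, i) if wt == 5 else _varint(buf, i)
            if i + n > len(buf):
                raise ValueError("truncated field")
            val, i = buf[i:i + n], i + n
        else:
            raise ValueError(f"unsupported wire type {wt}")
        yield num, wt, val

def _tensor_summary(tensor):  # (name, dims) of a TensorProto: dims = field 1, name = field 8
    name, dims = "", []
    for num, wt, val in _fields(tensor):
        if num == 1 and wt == 0:                      # unpacked dim
            dims.append(val)
        elif num == 1 and wt == 2:                    # packed dims
            j = 0
            while j < len(val):
                d, j = _varint(val, j)
                dims.append(d)
        elif num == 8 and wt == 2:
            name = val.decode("utf-8", "replace")
    return name, dims

def oversized_initializers(model, max_elements=MAX_ELEMENTS):
    """Return (name, dims) for initializers declaring more elements than the cap."""
    graphs = [v for n, w, v in _fields(model) if (n, w) == (7, 2)]     # ModelProto.graph
    tensors = [v for g in graphs for n, w, v in _fields(g) if (n, w) == (5, 2)]  # initializer
    return [(name, dims) for name, dims in map(_tensor_summary, tensors)
            if any(d >> 63 for d in dims) or math.prod(dims) > max_elements]
```

Reject the file when the returned list is non-empty or when parsing raises; a dimension with bit 63 set is a negative int64 and is reported as well.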