| # ONNX Runtime OOM DoS β Proof of Concept | |
| ## Vulnerability | |
| CWE-770: Unbounded memory allocation in ONNX Runtime C++ core during initializer parsing. | |
| ONNX Runtime allocates memory based on `TensorProto.dims` without checking total size. | |
| ## Impact | |
| 136-byte model β 2^60 element allocation β std::bad_alloc β process crash. | |
| ## Files | |
| - `malicious_oom.onnx` β Malicious ONNX model (136 bytes) | |
| - `poc_exploit.py` β Exploit script (generator) | |
| - `vulnerability_report.md` β Full technical report | |
| ## Reproduction | |
| ```bash | |
| pip install onnxruntime | |
| python3 poc_exploit.py | |
| python3 -c "import onnxruntime; onnxruntime.InferenceSession('malicious_oom.onnx')" | |
| ``` | |