Add TensorRT DetectionLayer model-format PoC
195ba7d verified
---
tags:
  - security
  - proof-of-concept
  - tensorrt
  - model-format
library_name: tensorrt
---

TensorRT DetectionLayer Serialized mNbClasses PoC

This repository contains the gated proof-of-concept model artifact for a TensorRT serialized engine parsing vulnerability in the DetectionLayer_TRT plugin.

The PoC engine was produced from a valid one-class DetectionLayer engine and then patched in the serialized plugin metadata so that mNbClasses is deserialized as 2 while the backing score tensor remains one-class. During inference the plugin returns an adjacent guard value in the detection output, demonstrating out-of-bounds read / information exposure behavior triggered by a crafted TensorRT .engine model file.
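The count/tensor mismatch described above, modelled as an added C example that is not the plugin's or this repository's code: the metadata layout, the blobs and the score buffer are constructed stand-ins (not TensorRT's real serialization format), and the true element count of the score tensor is taken from the bound tensor rather than from the deserialized mNbClasses. The unchecked path shows how a trusted count reaches the adjacent guard value; the checked path is the mitigation, rejecting the engine at load time.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed toy layout for the serialized plugin metadata; not TensorRT's
 * real format, only the two fields the PoC description depends on. */
typedef struct {
    uint32_t nb_classes; /* mNbClasses as deserialized from the engine */
    uint32_t nb_boxes;   /* candidate boxes per image */
} plugin_meta_t;

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode the 8-byte metadata blob. Returns 0 on success, -1 if truncated. */
int deserialize_meta(const uint8_t *blob, size_t len, plugin_meta_t *out) {
    if (blob == NULL || len < 8) return -1;
    out->nb_classes = le32(blob);
    out->nb_boxes = le32(blob + 4);
    return 0;
}

/* Best score for box 0 across classes (class-major layout). score_elems is the
 * element count of the backing score tensor, taken from the bound tensor's
 * dimensions, not from the metadata. With checked == 0 the deserialized count
 * is trusted as-is, which is the defect class the PoC engine exercises. */
int top_score(const plugin_meta_t *m, const float *scores, size_t score_elems,
              int checked, float *out) {
    uint64_t needed = (uint64_t)m->nb_classes * m->nb_boxes;
    if (m->nb_classes == 0 || m->nb_boxes == 0 || score_elems == 0) return -1;
    if (checked && needed > score_elems) return -1; /* mismatched engine: reject */
    float best = scores[0];
    for (uint32_t c = 1; c < m->nb_classes; c++) {
        float s = scores[(size_t)c * m->nb_boxes];
        if (s > best) best = s;
    }
    *out = best;
    return 0;
}

/* Constructed sample inputs (little-endian nb_classes, nb_boxes). */
const uint8_t kControlBlob[8] = {1, 0, 0, 0, 1, 0, 0, 0}; /* one class, one box */
const uint8_t kPocBlob[8]     = {2, 0, 0, 0, 1, 0, 0, 0}; /* patched to two classes */
/* One-class score tensor (1 element) with a guard value adjacent in memory. */
const float kScoreBuf[2] = {0.75f, 123.0f};
```

With kPocBlob and a one-element score tensor, top_score returns 0 and reports the guard value 123.0 when checked is 0, and returns -1 when checked is 1; kControlBlob is accepted either way with the real score 0.75.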

Files

  • replay_serialized_numclasses_guard_disclosure.engine: crafted PoC TensorRT engine. SHA-256: e33f5f2f6fc26d9f93a71b95b7c15a331193401f206f62b9c32f38fc63f34c70
  • negative_control_unpatched_numclasses.engine: unpatched control TensorRT engine. SHA-256: a5a8852de46b9c8e02c6bb1de3d68ee6f6b05535502dc5ed2d785b7689754d80
  • run_tensorrt_detectionlayer_serialized_numclasses_oob.py: replay helper for verifying the positive and negative-control engines.

The model files are intentionally gated for triage access.