---
tags:
- security
- proof-of-concept
- tensorrt
- model-format
library_name: tensorrt
---
# TensorRT DetectionLayer Serialized `mNbClasses` PoC

This repository contains the gated proof-of-concept model artifact for a TensorRT serialized-engine parsing vulnerability in the `DetectionLayer_TRT` plugin.

The PoC engine was produced from a valid one-class DetectionLayer engine and then patched at the serialized plugin metadata so that `mNbClasses` deserializes as `2` while the backing score tensor remains one-class. During inference the plugin returns an adjacent guard value in the detection output, demonstrating out-of-bounds read / information exposure behavior triggered by a crafted TensorRT `.engine` model file.
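The following is an added schematic illustration of the mismatch described above; it is not the `DetectionLayer_TRT` plugin's code and does not reproduce the PoC engine's serialized layout. It models device memory as a flat Python list in which a one-class score tensor is immediately followed by a constructed guard region, then shows a decode loop that trusts the deserialized class count beside the consistency check that would reject the patched metadata. All function names, the `GUARD` sentinel and the sample scores are assumptions made for the example.

```python
"""Schematic model of the serialized-metadata / score-tensor mismatch.

Added illustration only: NOT the DetectionLayer_TRT plugin's code and NOT the
PoC engine's layout. Memory is a flat list: the one-class score tensor is
followed by an "adjacent guard" region, mirroring the card's description of
what the patched engine discloses. Names and values are constructed.
"""
from typing import List, Tuple

GUARD = 0.4242  # constructed sentinel standing in for whatever sits past the tensor


def make_buffer(scores: List[float], guard_len: int = 4) -> List[float]:
    """Flat 'device memory': real per-box scores followed by guard values."""
    return list(scores) + [GUARD] * guard_len


def detect_unchecked(buf: List[float], num_boxes: int,
                     nb_classes: int) -> List[Tuple[int, int, float]]:
    """Decode step that trusts the deserialized nb_classes.

    nb_classes is used as the class stride, so a value larger than the tensor's
    real class count walks past the tensor. In C this is a silent out-of-bounds
    read; in this model it lands in the guard region.
    """
    out = []
    for b in range(num_boxes):
        best_c, best_s = 0, float("-inf")
        for c in range(nb_classes):
            s = buf[b * nb_classes + c]
            if s > best_s:
                best_c, best_s = c, s
        out.append((b, best_c, best_s))
    return out


def validate_nb_classes(nb_classes: int, score_shape: Tuple[int, int]) -> None:
    """Hardened deserialize/configure check: the serialized class count must
    agree with the class dimension of the score tensor actually bound."""
    _num_boxes, real_classes = score_shape
    if nb_classes <= 0 or nb_classes != real_classes:
        raise ValueError(
            f"serialized mNbClasses={nb_classes} disagrees with score tensor "
            f"shape {score_shape}; refusing to run"
        )


def detect_checked(buf: List[float], score_shape: Tuple[int, int],
                   nb_classes: int) -> List[Tuple[int, int, float]]:
    """Same decode loop, but only after the metadata has been validated."""
    validate_nb_classes(nb_classes, score_shape)
    return detect_unchecked(buf, score_shape[0], nb_classes)


def rejects_mismatch(score_shape: Tuple[int, int], nb_classes: int) -> bool:
    """True if the hardened check refuses this metadata/tensor combination."""
    try:
        validate_nb_classes(nb_classes, score_shape)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    buf = make_buffer([0.10])            # one box, one real class, score 0.10
    print(detect_unchecked(buf, 1, 1))   # honest metadata: real score returned
    print(detect_unchecked(buf, 1, 2))   # patched metadata: guard value returned
    print(rejects_mismatch((1, 1), 2))   # hardened check rejects the patched engine
```

With `nb_classes` honest, the loop returns the real score; with the metadata patched to 2, the second class index reads the guard value and reports it as the winning score, which is the disclosure the card describes. The fix is not in the loop but at deserialization time: refuse any engine whose serialized class count disagrees with the bound tensor's dimensions.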
## Files

- `replay_serialized_numclasses_guard_disclosure.engine`: crafted PoC TensorRT engine. SHA-256: `e33f5f2f6fc26d9f93a71b95b7c15a331193401f206f62b9c32f38fc63f34c70`
- `negative_control_unpatched_numclasses.engine`: unpatched control TensorRT engine. SHA-256: `a5a8852de46b9c8e02c6bb1de3d68ee6f6b05535502dc5ed2d785b7689754d80`
- `run_tensorrt_detectionlayer_serialized_numclasses_oob.py`: replay helper for verifying the positive and negative-control engines.

The model files are intentionally gated for triage access.
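Before loading either engine, confirm the downloaded files match the digests listed above. The helper below is an added example, not the repository's replay script; it assumes the gated files were downloaded into a local directory (default: the current directory) and takes the expected digests from the Files section.

```python
"""Verify the downloaded PoC artifacts against the SHA-256 digests listed in
this card before running the replay helper.

Added helper, not the repository's own script. Assumes the gated files sit in
a local directory (default "."); expected digests are those from the card.
"""
import hashlib
import hmac
import sys
from pathlib import Path
from typing import Dict

EXPECTED_SHA256: Dict[str, str] = {
    "replay_serialized_numclasses_guard_disclosure.engine":
        "e33f5f2f6fc26d9f93a71b95b7c15a331193401f206f62b9c32f38fc63f34c70",
    "negative_control_unpatched_numclasses.engine":
        "a5a8852de46b9c8e02c6bb1de3d68ee6f6b05535502dc5ed2d785b7689754d80",
}


def sha256_bytes(data: bytes) -> str:
    """Hex SHA-256 of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream the file so a large engine is not read into RAM at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifacts(directory: str = ".",
                     expected: Dict[str, str] = EXPECTED_SHA256) -> Dict[str, str]:
    """Return {filename: 'ok' | 'mismatch' | 'missing'} for every expected artifact."""
    results: Dict[str, str] = {}
    base = Path(directory)
    for name, digest in expected.items():
        path = base / name
        if not path.is_file():
            results[name] = "missing"
            continue
        actual = sha256_file(path)
        ok = hmac.compare_digest(actual, digest.strip().lower())
        results[name] = "ok" if ok else "mismatch"
    return results


def all_ok(results: Dict[str, str]) -> bool:
    """True only when every expected artifact is present and matches."""
    return bool(results) and all(v == "ok" for v in results.values())


if __name__ == "__main__":
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    outcome = verify_artifacts(target_dir)
    for fname, status in outcome.items():
        print(f"{status:8} {fname}")
    # Non-zero exit keeps a mismatched or missing engine out of any scripted replay.
    sys.exit(0 if all_ok(outcome) else 1)
```

Run it as `python verify_artifacts.py /path/to/downloaded/files` (file name assumed); a non-zero exit means at least one engine is missing or does not match the card, and neither engine should be loaded into TensorRT until that is resolved.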