Upload README.md with huggingface_hub
4d9fe4e verified

Darknet Integer Overflow in make_convolutional_layer()

Vulnerability Summary

Darknet's make_convolutional_layer() in src/convolutional_layer.c does not validate the integer arithmetic used to derive the weight count from config file values. An attacker who supplies a malicious .cfg file can trigger a signed integer overflow in the nweights calculation. Depending on the values chosen, the wrapped result is either negative (converted to a huge size_t, so the allocation fails and the process aborts) or exactly zero (a zero-sized heap buffer that the forward pass then reads past), giving out-of-bounds memory access during network inference.

Technical Details

Location: src/convolutional_layer.c, function make_convolutional_layer(), line ~543

l.nweights = (c / groups) * n * size * size;

All variables are int (32-bit signed). No overflow check is performed, and all four operands come straight from the .cfg file: channels= in the [net] section and filters=, size= and groups= in the [convolutional] section.

Trigger: Config values channels=46341, filters=46341, size=1, groups=1

  • nweights = 46341 * 46341 * 1 * 1 = 2,147,488,281
  • This exceeds INT_MAX (2,147,483,647) and wraps to -2,147,479,015
  • 46341 is the smallest value whose square exceeds INT_MAX (46340 * 46340 = 2,147,395,600 still fits), so it is the minimal trigger for size=1

Consequences:

  1. l.weights = xcalloc(-2147479015, sizeof(float)) — the negative int converts to the size_t 18446744071562072601; calloc's nmemb * size then overflows, calloc returns NULL and xcalloc's NULL check aborts the process (denial of service)
  2. l.binary_weights = xcalloc(-2147479015, sizeof(float)) — same issue
  3. In the variant where nweights wraps to exactly 0, xcalloc(0, sizeof(float)) succeeds and returns a minimal heap chunk; the forward pass GEMM sizes its operands from l.n, l.c, l.size and l.groups independently of l.nweights, so it reads the true weight count from the zero-sized buffer → heap buffer over-read
  4. The confirmed primitive is an over-read, so information disclosure is the realistic outcome; code execution would require a write primitive that this report does not demonstrate and would depend on memory layout
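The arithmetic above, as an added example that is not Darknet's code: the unchecked product written exactly as make_convolutional_layer() computes it (reproduced here with well-defined modular truncation instead of relying on signed-overflow undefined behaviour), next to a checked replacement that rejects any config whose weight count does not fit an int. Function names are hypothetical, and the operands for the zero-wrap case (65536 × 65536) are an assumption; the page does not list the contents of poc_overflow_zero.cfg.

```c
/* Added example, not Darknet's own code. Shows the wrap in
 * l.nweights = (c / groups) * n * size * size;
 * and a checked replacement suitable for make_convolutional_layer(). */
#include <stdio.h>
#include <stdint.h>
#include <limits.h>

/* Vulnerable form. Darknet does this product in int, which is UB on
 * overflow; here the same four factors are multiplied in uint64_t and the
 * low 32 bits reinterpreted as a two's-complement int, which is exactly the
 * value gcc/clang produce in practice for Darknet's expression. */
static int nweights_unchecked(int c, int n, int size, int groups) {
    uint64_t wide = (uint64_t)(uint32_t)(c / groups)
                  * (uint32_t)n * (uint32_t)size * (uint32_t)size;
    uint32_t low = (uint32_t)wide;                 /* truncate mod 2^32 */
    if (low <= (uint32_t)INT_MAX) return (int)low;
    /* map [INT_MAX+1, UINT32_MAX] onto [INT_MIN, -1] without UB */
    return (int)(low - (uint32_t)INT_MAX - 1u) - INT_MAX - 1;
}

/* Hardened form: every operand must be positive and every partial product
 * must stay within int. Each multiply happens on a value already proven
 * <= INT_MAX, so the int64_t intermediate cannot itself overflow. */
static int nweights_checked(int c, int n, int size, int groups, int *out) {
    if (c <= 0 || n <= 0 || size <= 0 || groups <= 0) return 0;
    int64_t w = (int64_t)(c / groups) * n;
    if (w > INT_MAX) return 0;
    w *= size;
    if (w > INT_MAX) return 0;
    w *= size;
    if (w > INT_MAX) return 0;
    *out = (int)w;
    return 1;
}

int main(void) {
    /* Constructed configs: the page's negative-wrap trigger, an assumed
     * zero-wrap trigger, and a sane layer for comparison. */
    struct { const char *name; int c, n, size, groups; } cfgs[] = {
        { "negative wrap (page's poc_overflow.cfg values)", 46341, 46341, 1, 1 },
        { "zero wrap (assumed values, 2^16 * 2^16 = 2^32)", 65536, 65536, 1, 1 },
        { "sane 3x3 layer, 32 -> 64 channels",             32,    64,    3, 1 },
    };
    for (size_t i = 0; i < sizeof cfgs / sizeof cfgs[0]; i++) {
        int checked;
        int ok = nweights_checked(cfgs[i].c, cfgs[i].n, cfgs[i].size,
                                  cfgs[i].groups, &checked);
        printf("%-50s unchecked=%11d  checked=%s\n", cfgs[i].name,
               nweights_unchecked(cfgs[i].c, cfgs[i].n, cfgs[i].size,
                                  cfgs[i].groups),
               ok ? "accepted" : "rejected (overflow)");
    }
    return 0;
}
```

The checked variant is what a fix in parse_convolutional() / make_convolutional_layer() should do before the xcalloc() calls: refuse the layer rather than allocate from a wrapped count. On the two trigger rows the unchecked value prints -2147479015 and 0 respectively, while the checked form rejects both and accepts only the sane layer (18432 weights).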

PoC Files

  • poc_overflow.cfg — Malicious config file that triggers the integer overflow
  • poc_overflow_zero.cfg — Variant that causes nweights to overflow to exactly 0

Reproduction

git clone https://github.com/AlexeyAB/darknet.git
cd darknet
# Build with ASan to detect the overflow
CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer" make
# detector test takes the .data file before the network cfg; the cfg is
# parsed (and the overflow reached) before any weights are loaded
./darknet detector test cfg/coco.data poc_overflow.cfg
# ASan reports calloc parameters overflow for the negative-wrap config.
# The zero-wrap variant only over-reads during the forward pass, so it
# must reach inference (weights and an input image) before ASan reports
# heap-buffer-overflow.

Novelty

  • No existing CVEs for Darknet on GitHub Security Advisories or NVD
  • No existing Huntr submissions for Darknet
  • No security-related commits on convolutional_layer.c since 2021
  • The vulnerability is in the config parser's math, not in model file loading

Severity

High — Integer overflow in config parsing. The negative-wrap variant is a reliable crash (xcalloc aborts on the failed allocation); the zero-wrap variant yields a heap buffer over-read during inference. In a server-side deployment where users can upload model configurations, this means denial of service and information disclosure, with code execution possible only if a write primitive exists that this report does not demonstrate.

Discovery

Found by Clawd (OWL) for Huntr bug bounty program, May 2026.