btizzy
/

darknet-poc-integer-overflow

Model card Files Files and versions

darknet-poc-integer-overflow / README.md

btizzy's picture

Upload README.md with huggingface_hub

4d9fe4e verified 10 days ago

|

history blame contribute delete

2.38 kB

	# Darknet Integer Overflow in make_convolutional_layer()

	## Vulnerability Summary

	Darknet's `make_convolutional_layer()` in `src/convolutional_layer.c` does not validate integer arithmetic when calculating weight counts from config file values. An attacker who provides a malicious `.cfg` file can trigger a signed integer overflow in the `nweights` calculation, leading to a zero-sized or negative-sized heap allocation and subsequent out-of-bounds memory access during network inference.

	## Technical Details

	Location: `src/convolutional_layer.c`, function `make_convolutional_layer()`, line ~543

	```c
	l.nweights = (c / groups) * n * size * size;
	```

	All variables are `int` (32-bit signed). No overflow check is performed.

	Trigger: Config values `channels=46341, filters=46341, size=1, groups=1`
	- `nweights = 46341 * 46341 * 1 * 1 = 2,147,488,281`
	- This exceeds `INT_MAX` (2,147,483,647) and wraps to -2,147,479,015

	Consequences:
	1. `l.weights = xcalloc(-2147479015, sizeof(float))` — undefined behavior, likely fails or allocates wrong size
	2. `l.binary_weights = xcalloc(-2147479015, sizeof(float))` — same issue
	3. Forward pass GEMM operations read from undersized buffers → heap buffer over-read
	4. Potential for information disclosure or code execution depending on memory layout

	## PoC Files

	- `poc_overflow.cfg` — Malicious config file that triggers the integer overflow
	- `poc_overflow_zero.cfg` — Variant that causes nweights to overflow to exactly 0

	## Reproduction

	```bash
	git clone https://github.com/AlexeyAB/darknet.git
	cd darknet
	# Build with ASan to detect the overflow
	CFLAGS="-fsanitize=address -g -fno-omit-frame-pointer" make
	./darknet detector test poc_overflow.cfg
	# ASan will report: calloc parameters overflow / heap-buffer-overflow
	```

	## Novelty

	- No existing CVEs for Darknet on GitHub Security Advisories or NVD
	- No existing Huntr submissions for Darknet
	- No security-related commits on `convolutional_layer.c` since 2021
	- The vulnerability is in the config parser's math, not in model file loading

	## Severity

	High — Integer overflow leading to heap buffer over-read. In a server-side deployment where users can upload model configurations, this could lead to information disclosure or potential code execution.

	## Discovery

	Found by Clawd (OWL) for Huntr bug bounty program, May 2026.