# ONNX Runtime Vulnerability PoCs
**Disclosed via huntr.com** — ONNX MFV program
Proof-of-concept scripts demonstrating vulnerabilities in ONNX Runtime's sparse initializer and external data processing (tested on `onnxruntime==1.24.1`).
## Setup
```bash
python3 -m venv venv
./venv/bin/pip install onnxruntime==1.24.1 onnx==1.20.1 numpy
```
## PoCs
### PoC A — Arbitrary File Read (sparse initializer path traversal)
```bash
./venv/bin/python pocs/onnx-sparse-traversal/poc.py
```
### PoC B — Arbitrary File Read (bytes-loaded, empty base_dir)
```bash
./venv/bin/python pocs/onnx-path-traversal/poc.py
```
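A defensive pre-load check for the external-data issues that PoCs A and B exercise, as an added example (not part of this repository or of ONNX Runtime): it flags `location` entries in dense and sparse initializers that are absolute, contain `..`, resolve outside the model directory, or appear when there is no base directory. The names `location_problem`, `tensors` and `scan` are hypothetical; the `location` key and the `EXTERNAL` enum value come from the ONNX external-data format.

```python
import os
import sys
from pathlib import PurePosixPath, PureWindowsPath

EXTERNAL = 1  # TensorProto.DataLocation.EXTERNAL in onnx.proto

def location_problem(location, base_dir):
    """Return why an external_data 'location' is unsafe, or None if it is fine."""
    if not base_dir:  # model parsed from bytes: nothing to confine reads to
        return "external data with no base directory"
    if not location:
        return "empty location"
    if PurePosixPath(location).is_absolute() or PureWindowsPath(location).is_absolute():
        return "absolute path"
    if ".." in location.replace("\\", "/").split("/"):
        return "parent-directory component"
    # Resolve symlinks on both sides before comparing, so a link cannot escape.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, location))
    if os.path.commonpath([base, target]) != base:
        return "resolves outside the model directory"
    return None

def tensors(model):
    """Yield (label, tensor) for dense initializers and both halves of sparse ones."""
    for t in model.graph.initializer:
        yield t.name, t
    for s in model.graph.sparse_initializer:
        yield s.values.name + " [sparse values]", s.values
        yield s.values.name + " [sparse indices]", s.indices

def scan(model, base_dir):
    """Return (label, location, reason) for every unsafe external-data reference."""
    findings = []
    for label, t in tensors(model):
        if t.data_location != EXTERNAL:
            continue
        location = {e.key: e.value for e in t.external_data}.get("location", "")
        reason = location_problem(location, base_dir)
        if reason:
            findings.append((label, location, reason))
    return findings

if __name__ == "__main__":
    import onnx  # only needed to parse a real model file
    m = onnx.load(sys.argv[1], load_external_data=False)
    hits = scan(m, os.path.dirname(os.path.abspath(sys.argv[1])))
    for hit in hits:
        print("REJECT", *hit)
    sys.exit(1 if hits else 0)
```

The scan covers graph-level initializers only; tensors carried in node attributes and subgraphs are not walked. For a model received as bytes, call `scan(model, "")` so that any external-data reference is reported.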
### PoC C β€” Arbitrary Memory Read + Heap OOB Write
```bash
./venv/bin/python pocs/onnx-rce-escalation/poc_oob_write.py mem
./venv/bin/python pocs/onnx-rce-escalation/poc_oob_write.py oob
```
### PoC D — Full RCE (glibc exit handler overwrite)
**Tested on Ubuntu with glibc 2.39. Offsets are glibc-version-specific.**
```bash
./venv/bin/python pocs/onnx-rce-escalation/poc_rce_glibc_exitfuncs.py
```