Hugging Face's logo

cyberwawa
/
tensorrt-plugin-overflow-poc

Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

TensorRT Systemic Plugin Deserialization Overflow PoC

30+ TensorRT plugins use unsafe read<>() / readFromBuffer<>() primitives with ZERO bounds checking. Attacker-controlled values from .engine files drive vector resize, malloc, and cudaMemcpy without validation.

Affected Plugins (partial list)

  • FlattenConcat, Region, GridAnchor, DecodeBbox3D, BatchedNMS
  • DetectionOutput, EmbLayerNorm, PriorBox, Reorg, SpecialSlice
  • 20+ more in plugin/common/ consumers

Root Cause

plugin/common/plugin.h read<>() and plugin/common/templates.h readFromBuffer<>() blindly memcpy from buffer with no remaining-size check.

Contrast

BERT plugins use serialize.hpp which DOES check remaining size. ONNX parser has multiplicationWillOverflow(). Safer code exists but is not used.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support