YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
TFLite β OOB Read via Crafted String Tensor
Status: PoC CONFIRMED β β Ready for huntr submission
| Field | Value |
|---|---|
| Target | tensorflow-lite (huntr.com β tensorflow/tensorflow) |
| Format | .tflite (FlatBuffers) |
| Vuln | CWE-125 Out-of-Bounds Read |
| CVSS | 8.2 High |
| Trigger | tf.lite.Interpreter("poc.tflite") β invoke() β SIGSEGV |
| Exit code | 139 (repeatable) |
Quick Repro
python3 poc/make_poc.py # creates poc.tflite
python3 poc/trigger.py # crashes with SIGSEGV
echo $? # 139
Files
poc/make_poc.pyβ PoC builderpoc/trigger.pyβ crash triggerpoc/poc.tfliteβ 428-byte malicious modelreport.mdβ huntr submissionevidence/poc-run.htmlβ self-contained HTML evidence page
Key Source Locations
- Root cause:
tensorflow/compiler/mlir/lite/utils/string_utils.h(GetString, no bounds check) - Sink:
tensorflow/lite/kernels/fill.cc:112(FillString β AddString from OOB ptr) - Load skip:
tensorflow/lite/core/subgraph.cc:1944(string tensors skip BytesRequired check)
- Downloads last month
- 7
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support