YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
TFLite CWE-789: Uncapped Tensor Size Allocation
Status: CONFIRMED β READY TO SUBMIT
Severity: Medium-High (P2) β DoS
Target
- Repo: tensorflow/tensorflow (
tensorflow/lite/) - Platform: huntr.com
- Format:
.tflite(FlatBuffers)
What Exists vs What's Missing
| Protection | Present? | Notes |
|---|---|---|
Integer overflow guard (MultiplyAndCheckOverflow) |
β Yes | Prevents wrapping (e.g., INT64_MAX * 2) |
| Per-dimension value cap | β No | dim=32768 accepted without limit |
Maximum tensor byte cap (kMaxTensorBytes) |
β No | 4 GB allocation reaches aligned_alloc unchecked |
Vulnerable Call Chain
.tflite file β FlatBuffers parse
interpreter_builder.cc:598 FlatBufferIntArrayToVector(tensor->shape()) β no per-dim cap
util.cc:220-256 BytesRequired() β MultiplyAndCheckOverflow β overflow only, no size cap
arena_planner.cc arena_.Allocate(tensor.bytes) β uncapped
simple_memory_arena.cc aligned_alloc(allocation_size) β 4 GB, no ceiling
Exploit
Shape [1, 32768, 32768] float32 β 32768 Γ 32768 Γ 4 = 4,294,967,296 bytes (4 GB).
BytesRequired() returns kTfLiteOk β no integer overflow. No size ceiling checked.
aligned_alloc(4 GB) fires; on Linux with default overcommit, malloc succeeds and OOM-killer fires.
PoC Files
poc_tflite_oom.pyβ buildsevil.tfliteand triggersallocate_tensors()evil.tfliteβ generated by the script
Reproduction
pip install flatbuffers tflite-runtime
python poc_tflite_oom.py
Fix
Add a size cap in BytesRequired() (tensorflow/lite/util.cc):
constexpr size_t kMaxTensorBytes = 1ULL << 30; // 1 GB
if (*bytes > kMaxTensorBytes) return kTfLiteError;
- Downloads last month
- 8
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support