TensorRT TEA Path Traversal PoC

CVE: N/A (responsible disclosure)
Type: Path Traversal (ZIP Slip) in TensorRT Engine Archive format
Impact: Arbitrary file write → Remote Code Execution

Description

This PoC demonstrates a path traversal vulnerability in NVIDIA TensorRT's Engine Archive (TEA) format. The TEA format is a ZIP-based container used by TensorRT 10.0+ for engine serialization.

When IRuntime::deserializeCudaEngine() loads a .tea file, it writes each ZIP entry to disk under the name stored in the archive, without checking that the resulting path stays inside the extraction directory. Entry names are attacker-controlled strings, so an entry such as ../../../tmp/evil.py is written three directories above the extraction root.

Contents

  • tea_path_traversal.tea - Malicious TEA archive containing:
    • build_cfg.json (legitimate)
    • plan_cfg.json (legitimate)
    • engine.trt (legitimate stub)
    • timing.cache (legitimate)
    • ../../../tmp/evil.py (path traversal → writes outside extraction dir)

Attack Vectors

  1. Arbitrary file write → RCE via cron, startup scripts, shared libraries (any location the loading user can write to and something later executes from)
  2. Configuration injection via malicious build_cfg.json
  3. Prototype pollution via __proto__ in config (only where the JSON configs are consumed by JavaScript tooling; the C++ runtime has no prototype chain)
  4. Symlink escape → information disclosure (a symlink entry pointing outside the tree, with later entries written through it or its target read back)
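The following is an added example, not code from the PoC repository or from TensorRT. It builds an in-memory ZIP with the same entry layout as tea_path_traversal.tea (the entry bodies are constructed stubs), computes where an extractor that simply joins the destination and the stored name would write, and then checks the archive the way a hardened loader should: reject parent-directory components, absolute paths and symlink entries before extracting, and re-check each resolved target against the root during extraction. The entry name "scratch" used for the symlink case is an assumption of this example. Note that Python's own ZipFile.extractall strips traversal components, so the naive path computation here is done on paths only and never written.

```python
import io
import os
import posixpath
import stat
import tempfile
import zipfile
from pathlib import PurePosixPath

# Entry name from the PoC; everything else in the archive is a constructed stub.
TRAVERSAL_NAME = "../../../tmp/evil.py"


def build_tea(*, traversal: bool = False, symlink: bool = False) -> bytes:
    """Build an in-memory ZIP shaped like the PoC archive. With traversal=True
    the fifth entry carries the escaping name; with symlink=True an extra entry
    (hypothetical name "scratch") is stored with a Unix symlink mode."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("build_cfg.json", '{"builder": "stub"}')
        zf.writestr("plan_cfg.json", '{"plan": "stub"}')
        zf.writestr("engine.trt", b"\x00" * 16)
        zf.writestr("timing.cache", b"\x00" * 8)
        if traversal:
            # zipfile stores the name verbatim; nothing strips the leading "../"
            zf.writestr(TRAVERSAL_NAME, "print('escaped')\n")
        if symlink:
            zi = zipfile.ZipInfo("scratch")
            zi.external_attr = (stat.S_IFLNK | 0o777) << 16  # st_mode in high 16 bits
            zf.writestr(zi, "/tmp")  # a symlink entry's body is its link target
    return buf.getvalue()


def naive_target_paths(data: bytes, dest: str) -> list:
    """Where an extractor that just joins dest + stored name would write.
    Computed only, never written, to show the escape."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [posixpath.normpath(posixpath.join(dest, i.filename)) for i in zf.infolist()]


def find_unsafe_entries(data: bytes) -> list:
    """Return (entry, reason) for names that leave the extraction root
    and for entries stored as symlinks."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            p = PurePosixPath(name.replace("\\", "/"))  # some extractors honour backslashes
            if p.is_absolute() or (len(name) > 1 and name[1] == ":"):
                findings.append((name, "absolute path"))
            elif ".." in p.parts:
                findings.append((name, "parent-directory traversal"))
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append((name, "symlink entry"))
    return findings


def safe_extract(data: bytes, dest: str) -> list:
    """Refuse the whole archive if any entry is unsafe, then extract with a
    second, filesystem-level check that each resolved target stays under dest."""
    bad = find_unsafe_entries(data)
    if bad:
        raise ValueError(f"refusing to extract: {bad}")
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes root: {info.filename}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written


def demo() -> dict:
    """Run the benign, traversal and symlink archives through the checks."""
    with tempfile.TemporaryDirectory() as d:
        ok = safe_extract(build_tea(), d)
        result = {
            "benign_written": len(ok),
            "benign_inside": all(p.startswith(os.path.realpath(d)) for p in ok),
            "traversal_findings": find_unsafe_entries(build_tea(traversal=True)),
            "symlink_findings": find_unsafe_entries(build_tea(symlink=True)),
            "naive_last_path": naive_target_paths(build_tea(traversal=True), "/opt/models/x")[-1],
        }
        try:
            safe_extract(build_tea(traversal=True), d)
            result["traversal_rejected"] = False
        except ValueError:
            result["traversal_rejected"] = True
    return result


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The archive-level check and the per-entry realpath check are deliberately both present: the first gives a clean reject-before-writing decision, the second catches anything the name parser missed (a symlinked directory already on disk, for instance) at the moment a write would happen.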

References

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory
  • CWE-494: Download of Code Without Integrity Check
  • Similar: CVE-2018-1002202 (zip4j path traversal, part of the 2018 Zip Slip disclosure)

Disclaimer

This PoC is provided for authorized security research and vulnerability disclosure only.
