huntr PoC - Heap OOB read in ExecuTorch Program::load (insecure default) (CWE-1188 + CWE-125)
Malicious model file: PoC_pte_minimal_oob.pte (264 bytes, SHA-256 0e2aecc948754e8bef510735d209099219d335cd45e1845bd8ecb4c274050891)
Loading this crafted ExecuTorch .pte through the default API (Module(path).load() / Program::load)
causes a heap out-of-bounds read in Program::load (runtime/executor/program.cpp:251, via
SubsegmentOffsets::offsets() and flatbuffers::ReadScalar). Module::load and Program::load default to
Verification::Minimal, and default builds compile out the verifier (ET_ENABLE_PROGRAM_VERIFICATION off),
so even an explicit InternalConsistency request is silently downgraded to Minimal and the unverified
FlatBuffer is accessed. Reproduced on HEAD with AddressSanitizer; the file is cleanly rejected only by a
verification-enabled build with an explicit InternalConsistency request.
PoC artifact for a huntr Model File Format (ExecuTorch) disclosure.
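
The structural bounds checking that a FlatBuffer verifier performs before any field is dereferenced, reduced here to the root table only, as an added example (not ExecuTorch or FlatBuffers code). The names check_root_table, sample and patched are hypothetical, the 20-byte buffer is constructed, and a little-endian host is assumed.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

using Buf = std::vector<uint8_t>;
enum class Check { Ok, Truncated, BadRoot, BadVTable, BadField };

// Bounds-checked scalar read; assumes a little-endian host (FlatBuffers byte order).
template <typename T>
static bool read_at(const Buf& b, uint64_t pos, T* out) {
  if (pos > b.size() || sizeof(T) > b.size() - pos) return false;
  std::memcpy(out, b.data() + pos, sizeof(T));
  return true;
}

// Validates the root table only: root offset -> vtable -> field slots.
Check check_root_table(const Buf& b) {
  uint32_t root = 0;
  int32_t soff = 0;
  uint16_t vt_size = 0, tbl_size = 0;
  if (!read_at(b, 0, &root)) return Check::Truncated;
  if (root < 4 || root % 4 != 0 || !read_at(b, root, &soff)) return Check::BadRoot;
  const int64_t vt = static_cast<int64_t>(root) - soff;  // vtable = table - soffset
  if (vt < 0 || !read_at(b, vt, &vt_size) || !read_at(b, vt + 2, &tbl_size))
    return Check::BadVTable;
  if (vt_size < 4 || vt_size % 2 != 0 || vt + vt_size > static_cast<int64_t>(b.size()))
    return Check::BadVTable;
  if (tbl_size < 4 || uint64_t{root} + tbl_size > b.size()) return Check::BadVTable;
  for (uint16_t slot = 4; slot < vt_size; slot += 2) {
    uint16_t field = 0;
    if (!read_at(b, vt + slot, &field)) return Check::BadVTable;
    if (field != 0 && field >= tbl_size) return Check::BadField;  // 0 = field absent
  }
  return Check::Ok;
}

static void put(Buf& b, std::size_t pos, uint32_t v, std::size_t n) { std::memcpy(&b[pos], &v, n); }
// Constructed 20-byte sample; patched() overwrites one value to hit a rejection path.
Buf sample() {
  Buf b(20, 0);
  put(b, 0, 12, 4);  // root table starts at offset 12
  put(b, 4, 6, 2);   // vtable: its own size in bytes
  put(b, 6, 8, 2);   // vtable: inline table size
  put(b, 8, 4, 2);   // vtable: field 0 lives at table + 4
  put(b, 12, 8, 4);  // table: vtable sits 8 bytes before it
  return b;
}
Buf patched(std::size_t pos, uint32_t v, std::size_t n) { Buf b = sample(); put(b, pos, v, n); return b; }
int main() { return check_root_table(sample()) == Check::Ok ? 0 : 1; }
```

Nested tables, vectors and strings need the same offset and length checks, so this is not a replacement for loading with verification enabled.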