Upload README.md with huggingface_hub
README.md
ADDED
|
@@ -0,0 +1,34 @@
| 1 |
+
---
|
| 2 |
+
license: mit
|
| 3 |
+
tags:
|
| 4 |
+
- security-research
|
| 5 |
+
- proof-of-concept
|
| 6 |
+
- vulnerability
|
| 7 |
+
---
|
| 8 |
+
|
| 9 |
+
# PoC: ONNX Runtime NV TensorRT RTX Path Traversal
|
| 10 |
+
|
| 11 |
+
**This repository contains a proof-of-concept for a security vulnerability. It is intended for responsible disclosure via huntr.com.**
|
| 12 |
+
|
| 13 |
+
## Vulnerability
|
| 14 |
+
|
| 15 |
+
Inverted boolean logic in `onnx_ctx_model_helper.cc` (line 321) of the NV TensorRT RTX execution provider disables path traversal security checks when loading EP context models from file paths.
|
| 16 |
+
|
| 17 |
+
**Vulnerable code:**
|
| 18 |
+
```cpp
|
| 19 |
+
bool make_secure_path_checks = ep_context_model_path_.empty();
|
| 20 |
+
// Should be: !ep_context_model_path_.empty();
|
| 21 |
+
```
|
| 22 |
+
|
| 23 |
+
## Files
|
| 24 |
+
|
| 25 |
+
- `malicious_ep_context_model.onnx` — Crafted ONNX model with path traversal payload in `onnx_model_filename` attribute
|
| 26 |
+
- `poc_onnxruntime_tensorrt_rtx.py` — Script that generates the PoC model and explains the vulnerability
|
| 27 |
+
|
| 28 |
+
## Impact
|
| 29 |
+
|
| 30 |
+
Arbitrary file read when loading attacker-supplied ONNX models with the NvTensorRTRTX execution provider.
|
| 31 |
+
|
| 32 |
+
## Researcher
|
| 33 |
+
|
| 34 |
+
Ryan — Fan Pier Labs (ryan@fanpierlabs.com)
|
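Review bot: The "Files" section (hunk lines 25 and 26) references `malicious_ep_context_model.onnx` and `poc_onnxruntime_tensorrt_rtx.py`, but this commit adds only README.md, so a reader of this revision cannot locate the artifacts the README describes; either add them in the same commit or state that they are uploaded separately. The "Vulnerability" section (hunk line 15) pins the defect to "line 321" of `onnx_ctx_model_helper.cc` without naming the ONNX Runtime version or upstream commit that line number refers to, which makes the claim impossible to verify once the file changes; suggest replacing the bare line number with a pinned version or commit reference, for example "`onnx_ctx_model_helper.cc` at ONNX Runtime <version or commit>". Finally, the "Impact" section (hunk line 30) asserts arbitrary file read but gives no affected-version range or fix status, which a maintainer triaging the huntr report will need; add an "Affected versions" line and note whether a fix has been proposed.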