# TensorRT VULN-004: Input-Controlled DoS via While-Loop Models
## Vulnerability
A structurally valid ONNX model (351 bytes) using a condition-dependent Loop
operator hangs indefinitely during TensorRT inference when given a malicious
input value. The model works correctly with normal inputs but hangs permanently
with extreme inputs.
## Distinct from VULN-003
- VULN-003: Malicious MODEL with static INT64_MAX trip count
- VULN-004: Normal MODEL + malicious INPUT data
- VULN-003 fix (validate max_trip_count) does NOT prevent this
- Requires runtime protection: inference timeout / iteration budget
## Impact
- Input-controlled DoS for any TRT model using while-loops
- Attacker only needs to send a single malicious float value
- Affects Triton, TensorRT-LLM, any TRT-based pipeline
- Model is structurally valid -- cannot be detected by static analysis
## Files
| File | Description |
|------|-------------|
| vuln004_input_dos.py | Main PoC script |
| while_loop.onnx | While-loop ONNX model (351 bytes) |
| while_loop.engine | Compiled TRT engine (11,124 bytes) |
## Reproduction
```bash
pip install tensorrt onnx torch numpy
python vuln004_input_dos.py
```
## Results
- counter=10: completes in 0.001s
- counter=1000: completes in 0.055s
- counter=1e6: HANGS indefinitely
- counter=1e30: HANGS indefinitely
- counter=FLT_MAX: HANGS indefinitely
- No timeout, no warning, no error
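
The runtime protection named above (iteration budget plus inference timeout) can be sketched as follows. This is an added example, not part of the PoC or of TensorRT: `WORKER` is a constructed stand-in for a script that loads the engine and runs one inference, `MAX_COUNTER` is an assumed per-deployment limit, and all function names are hypothetical. The inference runs in a child process so that a call that never returns can be killed from outside.

```python
import math
import subprocess
import sys

MAX_COUNTER = 1000.0  # assumed per-deployment iteration budget (constructed value)

# Constructed stand-in for a worker script that loads the engine and runs one
# inference: it loops while the counter is positive, like the while-loop model.
WORKER = """
import sys
c, n = float(sys.argv[1]), 0
while c > 0:
    c, n = c - 1.0, n + 1
print(n)
"""

def validate_counter(value, limit=MAX_COUNTER):
    """Reject loop-controlling inputs that are non-finite or exceed the budget."""
    v = float(value)
    if not math.isfinite(v) or v < 0 or v > limit:
        raise ValueError(f"counter {value!r} outside [0, {limit}]")
    return v

def run_with_deadline(counter, timeout_s):
    """Run one inference in a child process; kill it when the deadline passes."""
    try:
        done = subprocess.run(
            [sys.executable, "-c", WORKER, repr(float(counter))],
            capture_output=True, text=True, timeout=timeout_s, check=True)
    except subprocess.TimeoutExpired:
        # subprocess.run has already killed and reaped the child here.
        raise TimeoutError(
            f"inference exceeded {timeout_s}s for counter={counter}") from None
    return int(done.stdout.strip())

def guarded_infer(counter, timeout_s=5.0):
    """Input check first, wall-clock deadline as the backstop."""
    return run_with_deadline(validate_counter(counter), timeout_s)
```

The input check only covers inputs known to drive a loop condition; the deadline is what bounds the request when such an input is missed.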