# TensorRT Engine Stack Buffer Overrun PoC (VULN-009)
## Vulnerability
Stack-based buffer overflow (CWE-121) in the TensorRT engine deserializer (libnvinfer.dll).
A single-byte mutation in the NGNE section of a valid engine file triggers
STATUS_STACK_BUFFER_OVERRUN (0xC0000409) during deserializeCudaEngine().
## Distinction from VULN-006
| | VULN-006 | VULN-009 |
|---|---------|---------|
| Exception | ACCESS_VIOLATION (0xC0000005) | STACK_BUFFER_OVERRUN (0xC0000409) |
| CWE | CWE-125 (OOB Read) | CWE-121 (Stack-based Buffer Overflow) |
| Mechanism | Corrupted pointer dereference | Stack cookie corruption |
| Security implication | Read primitive | Write primitive (potential RCE) |
| Crash offsets | 3 offsets | 140 offsets |
## Tested On
- TensorRT 10.15.1.29
- Windows, RTX 4080 Super, CUDA 12.x
## Reproduction
```bash
python vuln009_standalone_poc.py build
python vuln009_standalone_poc.py crash
python vuln009_standalone_poc.py verify
```
## Files
- vuln009_standalone_poc.py - self-contained PoC script
- vuln009_valid.engine - clean engine (3,708 bytes)
- vuln009_crash.engine - crash engine (1 byte different at offset 498)
- vuln009_meta.txt - crash metadata
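
## Triage helper (added example)
The following is an added example, not part of the PoC script or of TensorRT: it confirms which offsets differ between two engine files and classifies a loader's exit status using the two NTSTATUS codes from the table above. The loader command passed to `load_isolated` is a hypothetical placeholder for whatever process calls deserializeCudaEngine(), and the sample buffers are constructed stand-ins, not the real engine files.

```python
import subprocess
import sys

# NTSTATUS values taken from the VULN-006 / VULN-009 comparison table.
NTSTATUS = {
    0xC0000005: "ACCESS_VIOLATION (VULN-006 class, CWE-125)",
    0xC0000409: "STACK_BUFFER_OVERRUN (VULN-009 class, CWE-121)",
}


def diff_offsets(a: bytes, b: bytes) -> list[int]:
    """Return every offset at which two equal-length buffers differ."""
    if len(a) != len(b):
        raise ValueError(f"length mismatch: {len(a)} vs {len(b)}")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def classify_exit(returncode: int) -> str:
    """Map a child's exit status to a crash class.

    Windows reports NTSTATUS as an unsigned 32-bit value; some wrappers
    return it signed, so normalise before the lookup.
    """
    code = returncode & 0xFFFFFFFF
    if code == 0:
        return "clean"
    return NTSTATUS.get(code, f"other (0x{code:08X})")


def load_isolated(cmd: list[str], timeout: float = 60.0) -> str:
    """Run a loader in a child process so a fail-fast inside the
    deserializer terminates only the child, then classify the result."""
    try:
        proc = subprocess.run(cmd, timeout=timeout, capture_output=True)
    except subprocess.TimeoutExpired:
        return "timeout"
    return classify_exit(proc.returncode)


if __name__ == "__main__":
    # Constructed buffers with the sizes and offset listed under "Files".
    valid = bytes(3708)
    mutated = bytearray(valid)
    mutated[498] ^= 0xFF
    print(diff_offsets(valid, bytes(mutated)))
    print(classify_exit(0xC0000409))
    # Hypothetical loader command; replace with the real engine-loading worker.
    print(load_isolated([sys.executable, "-c", "raise SystemExit(0)"]))
```

Loading engine files only in a child process, and only after checking them against a known-good hash, keeps a malformed file from taking down the serving process.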