Hugging Face's logo

wulonchia
/
poc-onnxruntime-linear-oob

ONNX
security-research
poc
Model card Files
xet
 Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

PoC: ONNX Runtime LinearRegressor/LinearClassifier Heap OOB Read

⚠️ Security research only. These models are crafted to demonstrate a vulnerability.

These ONNX models trigger a heap buffer over-read in ONNX Runtime's LinearRegressor and LinearClassifier operators.

Files

  • linear_regressor_oob.onnx - Triggers OOB read in LinearRegressor
  • linear_classifier_oob.onnx - Triggers OOB read in LinearClassifier

Vulnerability

The operators don't validate that the coefficients attribute array is large enough for the input tensor dimensions, causing GEMM to read past the end of the buffer.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support