VULN-011: Heap Buffer Overflow in TensorRT ONNX Parser via INT4 Tensor (CWE-122)
Summary
A crafted ONNX model with an INT4/UINT4 tensor where int32_data array exceeds the tensor shape causes a heap buffer overflow in TensorRT ONNX parser. The convertPackedInt32Data() function writes attacker-controlled data past the end of a heap buffer.
- CWE: CWE-122 (Heap-based Buffer Overflow)
- Severity: Critical (CVSS 8.8) - potentially exploitable for RCE
- Affected: TensorRT 10.15.1.29
- Crash: STATUS_HEAP_CORRUPTION (0xC0000374) - confirmed heap write corruption
- Reproducibility: 100% (15/15)
Files
- vuln011_int4_heap_overflow.onnx (1,107 bytes) - INT4, 1KB overflow
- vuln011_uint4_heap_overflow.onnx (10,090 bytes) - UINT4, 5KB overflow
- vuln011_int4_extreme.onnx (100,091 bytes) - INT4, 100KB overflow
- vuln011_int4_heap_overflow.py - Build/crash/verify script
Reproduction
python vuln011_int4_heap_overflow.py build python vuln011_int4_heap_overflow.py verify python vuln011_int4_heap_overflow.py crash
Root Cause
WeightsContext.cpp convertPackedInt32Data() writes nbytes=int32_data.size() bytes to a buffer allocated for (volume(shape)*4+4)/8 bytes. No bounds check. Attacker controls overflow length and content.
- Downloads last month
- 36
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support