YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
ONNX Checker Integer Overflow & Validation Bypass PoC
Vulnerabilities in onnx 1.21.0
Three validation bypass vulnerabilities in onnx.checker:
1. Integer Overflow (HIGH)
checker.cc:129 — nelem *= x without overflow check. Tensor with dims=[2^31, 2^31] and 16 bytes raw_data passes check_tensor().
2. Negative Dimension Injection (HIGH)
Checker accepts dims=[4, -1]. numpy_helper.to_array() silently produces shape (4, 4) instead of rejecting.
3. High Dimensionality DoS (MEDIUM)
Checker accepts 100 dimensions. numpy_helper.to_array() crashes (numpy max = 64).
Files
| File | Size | Vulnerability |
|---|---|---|
| poc_overflow.onnx | 113 B | Integer overflow checker bypass |
| poc_negative_dims.onnx | 161 B | Negative dimension injection |
| poc_highdim.onnx | 290 B | High dimensionality crash |
Reproduction
import onnx
from onnx import checker, numpy_helper
# All three pass checker but are malformed:
for f in ["poc_overflow.onnx", "poc_negative_dims.onnx", "poc_highdim.onnx"]:
model = onnx.load(f)
checker.check_model(model) # PASSES (bug)
License
MIT
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support