PoC: rebuildTensor Missing Storage Bounds Check → Heap OOB Read/Write
Vulnerability: torch/csrc/jit/serialization/unpickler.cpp:979-982 - rebuildTensor() uses unsafeGetTensorImpl() to set storage_offset, sizes and strides from attacker-controlled pickle data without validating that the resulting tensor view fits within the backing storage allocation.
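The check that the text says rebuildTensor() omits, as an added example in plain Python (this is not the PoC's or PyTorch's own code): it computes the highest storage byte a strided view can address from its sizes, strides, offset and element size, and rejects the view when that lies past the end of the storage. The 32-byte storage and the offsets 1000 and 268435456 below are the values this repo card quotes; the float32 item size of 4 is an assumption.

```python
from math import prod


def required_storage_bytes(sizes, strides, storage_offset, itemsize):
    """Return how many storage bytes a strided tensor view can touch.

    A view addresses element storage_offset + sum(i_k * stride_k) for
    0 <= i_k < size_k, so the highest element index is storage_offset
    plus sum((size_k - 1) * stride_k). An empty tensor touches nothing.
    """
    if len(sizes) != len(strides):
        raise ValueError("sizes and strides must have the same rank")
    if storage_offset < 0 or any(s < 0 for s in sizes) or any(st < 0 for st in strides):
        raise ValueError("negative storage_offset, size or stride")
    if prod(sizes) == 0:
        return 0
    last_index = storage_offset + sum((s - 1) * st for s, st in zip(sizes, strides))
    return (last_index + 1) * itemsize


def view_fits_storage(sizes, strides, storage_offset, itemsize, storage_nbytes):
    """True only if every element the view can address lies inside the storage.

    Deserialization code should refuse (or raise) when this returns False
    instead of installing the offset/sizes/strides on the TensorImpl.
    """
    return required_storage_bytes(sizes, strides, storage_offset, itemsize) <= storage_nbytes


if __name__ == "__main__":
    # Constructed inputs: an 8-element float32 storage is 32 bytes.
    print(view_fits_storage([8], [1], 0, 4, 32))          # in bounds
    print(view_fits_storage([8], [1], 1000, 4, 32))       # first element at byte 4000: rejected
    print(view_fits_storage([8], [1], 268435456, 4, 32))  # rejected
```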
Files
- poc_jit_rebuild_oob.py: full PoC (creates the crafted models, demonstrates the OOB read and the SIGSEGV crash)
- oob_read_model.pt: crafted model with offset=1000 (heap data leak)
- oob_write_model.pt: crafted model with offset=268435456 (SIGSEGV crash)
Quick Start
pip install torch
python poc_jit_rebuild_oob.py
Expected Output
- Heap OOB Read: leaks heap data from byte 4000 of 32-byte storage
- SIGSEGV crash on both read and write at large offset