TensorRT VULN-004: Input-Controlled DoS via While-Loop Models
Vulnerability
A structurally valid ONNX model (351 bytes) using a condition-dependent Loop operator hangs indefinitely during TensorRT inference when given a malicious input value. The model works correctly with normal inputs but hangs permanently with extreme inputs.
Distinct from VULN-003
- VULN-003: Malicious MODEL with static INT64_MAX trip count
- VULN-004: Normal MODEL + malicious INPUT data
- VULN-003 fix (validate max_trip_count) does NOT prevent this
- Requires runtime protection: inference timeout / iteration budget
Impact
- Input-controlled DoS for any TRT model using while-loops
- Attacker only needs to send a single malicious float value
- Affects Triton, TensorRT-LLM, any TRT-based pipeline
- Model is structurally valid -- cannot be detected by static analysis
Files
| File | Description |
|---|---|
| vuln004_input_dos.py | Main PoC script |
| while_loop.onnx | While-loop ONNX model (351 bytes) |
| while_loop.engine | Compiled TRT engine (11,124 bytes) |
Reproduction
```shell
pip install tensorrt onnx torch numpy
python vuln004_input_dos.py
```
Results
- counter=10: completes in 0.001s
- counter=1000: completes in 0.055s
- counter=1e6: HANGS indefinitely
- counter=1e30: HANGS indefinitely
- counter=FLT_MAX: HANGS indefinitely
- No timeout, no warning, no error
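The runtime protection called for above (an iteration budget on loop-controlling inputs plus a hard inference timeout) can be enforced outside the engine. The following is an added example, not part of this repository's PoC: it wraps any inference callable in a child process that is killed when it exceeds a wall-clock budget, and rejects non-finite or over-budget loop inputs before they reach the engine. The budget values and the `simulated_loop_inference` stand-in for `while_loop.engine` are assumptions for the demo.

```python
import math
import multiprocessing as mp
import queue

MAX_ITERATIONS = 10_000   # assumed per-deployment iteration budget
INFER_TIMEOUT_S = 2.0     # assumed per-request wall-clock budget


def check_iteration_budget(counter, budget=MAX_ITERATIONS):
    """Layer 1: validate a loop-controlling input before it reaches the engine.
    Returns None if acceptable, otherwise a rejection reason."""
    if not isinstance(counter, (int, float)) or not math.isfinite(counter):
        return "loop input is not a finite number"
    if counter < 0 or counter > budget:
        return f"loop input {counter!r} outside [0, {budget}]"
    return None


def _worker(infer, args, out):
    try:
        out.put(("ok", infer(*args)))
    except Exception as exc:  # surface engine errors instead of hanging the caller
        out.put(("error", repr(exc)))


def run_with_timeout(infer, args, timeout_s=INFER_TIMEOUT_S):
    """Layer 2: run infer(*args) in a child process and kill it on timeout."""
    out = mp.Queue()
    proc = mp.Process(target=_worker, args=(infer, args, out), daemon=True)
    proc.start()
    try:
        status, value = out.get(timeout=timeout_s)
    except queue.Empty:
        proc.terminate()  # a hung execution context cannot be cancelled cooperatively
        status, value = "timeout", f"exceeded {timeout_s}s"
    proc.join(1.0)
    return status, value


def guarded_infer(infer, counter, budget=MAX_ITERATIONS, timeout_s=INFER_TIMEOUT_S):
    """Apply both layers; status is one of ok / rejected / timeout / error."""
    reason = check_iteration_budget(counter, budget)
    if reason is not None:
        return "rejected", reason
    return run_with_timeout(infer, (counter,), timeout_s)


def simulated_loop_inference(counter):
    """Stand-in (assumed) for while_loop.engine: iterate until counter is reached."""
    i = 0
    while i < counter:
        i += 1
    return i
```

With a real engine, pass a callable that runs the TensorRT execution context in place of `simulated_loop_inference`; the budget check alone would have rejected the 1e6, 1e30 and FLT_MAX inputs listed above, and the timeout catches loop inputs the check cannot see.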