# TensorRT Engine Stack Buffer Overrun PoC (VULN-009)

## Vulnerability

Stack-based buffer overflow (CWE-121) in TensorRT engine deserializer (libnvinfer.dll). A single-byte mutation in the NGNE section of a valid engine file triggers STATUS_STACK_BUFFER_OVERRUN (0xC0000409) during deserializeCudaEngine().

## Distinction from VULN-006

| | VULN-006 | VULN-009 |
|---|---------|---------|
| Exception | ACCESS_VIOLATION (0xC0000005) | STACK_BUFFER_OVERRUN (0xC0000409) |
| CWE | CWE-125 (OOB Read) | CWE-121 (Stack-based Buffer Overflow) |
| Mechanism | Corrupted pointer dereference | Stack cookie corruption |
| Security implication | Read primitive | Write primitive (potential RCE) |
| Crash offsets | 3 offsets | 140 offsets |

## Tested On

- TensorRT 10.15.1.29
- Windows, RTX 4080 Super, CUDA 12.x

## Reproduction

```bash
python vuln009_standalone_poc.py build
python vuln009_standalone_poc.py crash
python vuln009_standalone_poc.py verify
```

## Files

- vuln009_standalone_poc.py - self-contained PoC script
- vuln009_valid.engine - clean engine (3,708 bytes)
- vuln009_crash.engine - crash engine (1 byte different at offset 498)
- vuln009_meta.txt - crash metadata
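
When triaging the report, the file claims above (both engines 3,708 bytes, exactly one differing byte at offset 498) can be checked with a byte-level comparison before anything is loaded into TensorRT. The following is an added example, not part of the PoC repository; the function names are hypothetical and the in-memory sample pair is constructed, not a real engine.

```python
import sys
from pathlib import Path


def diff_offsets(baseline: bytes, candidate: bytes, limit: int = 16):
    """Return up to `limit` (offset, baseline_byte, candidate_byte) tuples.

    A length mismatch is reported as an error: the report describes a
    same-size file with a substituted byte, not an insertion or truncation.
    """
    if len(baseline) != len(candidate):
        raise ValueError(f"size mismatch: {len(baseline)} vs {len(candidate)} bytes")
    found = []
    for offset, (a, b) in enumerate(zip(baseline, candidate)):
        if a != b:
            found.append((offset, a, b))
            if len(found) >= limit:
                break
    return found


def matches_claim(baseline: bytes, candidate: bytes, size: int, offset: int) -> bool:
    """True only if both files are `size` bytes and differ at `offset` alone."""
    if len(baseline) != size or len(candidate) != size:
        return False
    return [d[0] for d in diff_offsets(baseline, candidate, limit=2)] == [offset]


def constructed_pair(size: int = 3708, offset: int = 498):
    """Constructed stand-in data (NOT a TensorRT engine) with one flipped byte."""
    base = bytes(i % 251 for i in range(size))
    mutated = bytearray(base)
    mutated[offset] ^= 0xFF
    return base, bytes(mutated)


if __name__ == "__main__":
    # Usage: script.py vuln009_valid.engine vuln009_crash.engine
    if len(sys.argv) == 3:
        valid = Path(sys.argv[1]).read_bytes()
        crash = Path(sys.argv[2]).read_bytes()
    else:
        valid, crash = constructed_pair()
    for off, old, new in diff_offsets(valid, crash):
        print(f"offset {off}: 0x{old:02x} -> 0x{new:02x}")
    print("matches README claim:", matches_claim(valid, crash, 3708, 498))
```
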