关联漏洞
介绍
**Demonstrating CVE-2025-23320**
This repo replicates CVE-2025-23320, demonstrating CWE-209, Generation of Error Message Containing Sensitive Information(CVSS Score: 7.5). This vulnerability exists on all NVIDIA Triton inference servers 25.06 and before.
This docker setup runs a network containing an NVIDIA triton inference server and an attacking client. This environment also ensures the client runs on linux, so the CVE is replicable on all operating systems.
**To build/run**
docker compose --build-no-cache
if this is the first time running, this could take a while, as this pulls the NVIDIA triton server version 25.06 image from github
Then:
docker compose up
**POC**
The attacking client script is run automatically, outputting an error message in the form: Failed to increase the shared memory pool size for key 'triton_python_backend_shm_region_8a463f1a-fcd6-4c1b-b4b5-df63f9c512ad' to 54525952 bytes.
After obtaining this key, an attacker can perform numerous actions. In our code implementation, the attacker utilized Triton's unregister API. Since Triton does not verify who is invoking this API, the function will execute. If the attacker subsequently uses the register function, successfully triggering a race condition, it will result in an out-of-bounds (OOB) write.
文件快照
[4.0K] /data/pocs/6de5c76d73e00fe3b86727e0c572ed770a7d61f2
├── [4.0K] client
│ ├── [2.7K] attacker.py
│ ├── [ 714] Dockerfile
│ └── [2.7K] victim.py
├── [ 906] docker-compose.yml
├── [4.0K] models
│ └── [4.0K] identity
│ ├── [4.0K] 1
│ │ └── [ 835] model.py
│ └── [ 244] config.pbtxt
└── [1.3K] README.md
4 directories, 7 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。