Integer Overflow Vulnerability in NVIDIA Triton Inference Server
CVE-2024-53880

4.9MEDIUM

Key Information:

Vendor: Nvidia
Status: Triton Inference Server
Vendor: CVE Published:; 12 February 2025

Summary

The NVIDIA Triton Inference Server has a vulnerability in its model loading API that allows for integer overflow or wraparound errors. This occurs when an attacker loads a model file with an excessively large size, which can exceed the limits of an internal variable. If successfully exploited, this vulnerability may result in denial of service, impacting the availability of the server for legitimate users. Organizations utilizing this server should implement measures to secure their applications against such file size exploits.

Affected Version(s)

Triton Inference Server Windows 24.11

References

https://nvidia.custhelp.com/app/answers/detail/a_id/5612

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Nov 22, 2024