Triton Inference Server
CVE-2024-0116
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service.
AnalysisAI
NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. NVIDIA Triton Inference Server contains a vulnerability where a user may cause an out-of-bounds read issue by releasing a shared memory region while it is in use. A successful exploit of this vulnerability may lead to denial of service. Affected products include: Nvidia Triton Inference Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
More in Triton Inference Server
View allNVIDIA Triton Inference Server for Linux contains a vulnerability where a user can set the logging location to an arbitr
NVIDIA Triton Inference Server for Linux contains a vulnerability in the tracing API, where a user can corrupt system fi
NVIDIA Triton Inference Server for Linux contains a vulnerability in shared memory APIs, where a user can cause an impro
Denial of service in NVIDIA Triton Inference Server for Linux allows remote unauthenticated attackers to exhaust server
Denial of service in NVIDIA Triton Inference Server for Linux (versions through 26.03) allows a remote attacker to crash
Denial of service in NVIDIA Triton Inference Server for Linux stems from a stack-based buffer overflow (CWE-121) reachab
Denial of service in NVIDIA Triton Inference Server for Linux allows a remote, unauthenticated attacker to disrupt avail
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to exhaust host mem
Denial of service in NVIDIA Triton Inference Server on Linux allows remote unauthenticated attackers to crash the servic
Denial of service in NVIDIA Triton Inference Server for Linux lets remote unauthenticated attackers exhaust server resou
NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-de
NVIDIA Triton Server for Linux contains a vulnerability where an attacker may cause an improper validation of specified
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today