nvidia-pytriton@0.5.9 vulnerabilities

PyTriton - Flask/FastAPI-like interface to simplify Triton's deployment in Python environments.

Direct Vulnerabilities

Known vulnerabilities in the nvidia-pytriton package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • C
Buffer Access with Incorrect Length Value

nvidia-pytriton (PyTriton) is a Flask/FastAPI-like interface to simplify Triton's deployment in Python environments.

Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value via the MessageQueue class in the bundled Python backend. An attacker could cause an out-of-bounds write by sending a specially crafted request, leading to information disclosure, denial of service, or remote code execution, through corruption of existing data structures within the backend's shared memory.

Note: This vulnerability is only exploitable when using the default bundled Python backend /pytriton/tritonserver/backends/python/libtriton_python.so and requires the attacker to obtain the shared memory key of a legitimate user-owned region.

How to fix Buffer Access with Incorrect Length Value?

There is no fixed version for nvidia-pytriton.

Vulnerable versions: [0,)
  • H
Information Exposure

Affected versions of this package are vulnerable to Information Exposure via the SharedMemoryManager::GrowIfNeeded function in the bundled Python backend. An attacker could cause the shared memory limit to be exceeded by sending a large request, leading to information disclosure. The resulting error message improperly includes the unique name of the backend's internal IPC shared memory region.

How to fix Information Exposure?

There is no fixed version for nvidia-pytriton.

Vulnerable versions: [0,)
  • H
Out-of-bounds Read

Affected versions of this package are vulnerable to Out-of-bounds Read via the PbMemory::LoadFromSharedMemory function in the bundled Python backend. An attacker could cause an out-of-bounds read by sending a specially crafted request, leading to information disclosure of private memory.

How to fix Out-of-bounds Read?

There is no fixed version for nvidia-pytriton.

Vulnerable versions: [0,)