CVE-2024-53880

NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://nvidia.custhelp.com/app/answers/detail/a_id/5612	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

22 Sep 2025, 17:59

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nvidia:triton_inference_server:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Summary		(es) NVIDIA Triton Inference Server contiene una vulnerabilidad en la API de carga de modelos, donde un usuario podría provocar un desbordamiento de números enteros o un error de envoltura al cargar un modelo con un tamaño de archivo extragrande que desborda una variable interna. Una explotación exitosa de esta vulnerabilidad podría provocar una denegación de servicio.
References	~~() https://nvidia.custhelp.com/app/answers/detail/a_id/5612 -~~	() https://nvidia.custhelp.com/app/answers/detail/a_id/5612 - Vendor Advisory
First Time		Microsoft windows Nvidia Linux Linux linux Kernel Nvidia triton Inference Server Microsoft

12 Feb 2025, 01:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-02-12 01:15

Updated : 2025-09-22 17:59

NVD link : CVE-2024-53880

Mitre link : CVE-2024-53880

CVE.ORG link : CVE-2024-53880

JSON object : View

Products Affected

microsoft

windows

nvidia

triton_inference_server

linux

linux_kernel

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2024-53880", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@nvidia.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-02-12T01:15:08.940", "references": [{"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5612", "tags": ["Vendor Advisory"], "source": "psirt@nvidia.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "psirt@nvidia.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service."}, {"lang": "es", "value": "NVIDIA Triton Inference Server contiene una vulnerabilidad en la API de carga de modelos, donde un usuario podr\u00eda provocar un desbordamiento de n\u00fameros enteros o un error de envoltura al cargar un modelo con un tama\u00f1o de archivo extragrande que desborda una variable interna. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar una denegaci\u00f3n de servicio."}], "lastModified": "2025-09-22T17:59:46.753", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nvidia:triton_inference_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A5C3F2E-73F2-479A-BE3B-775B3AA9EFD3", "versionEndExcluding": "24.12"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@nvidia.com"}