AVID-2026-R1571
Description
Vulnerability CVE-2024-53880
Details
NVIDIA Triton Inference Server contains a vulnerability in the model loading API, where a user could cause an integer overflow or wraparound error by loading a model with an extra-large file size that overflows an internal variable. A successful exploit of this vulnerability might lead to denial of service.
Reason for inclusion in AVID: CVE-2024-53880 affects NVIDIA Triton Inference Server, a model-serving framework used in AI deployment pipelines. The vulnerability is a software issue in the AI infrastructure (model loading) that can be exploited remotely to cause denial of service via integer overflow. This sits squarely in the AI software supply chain (deployment/serving components). Evidence is provided by the CVE/NVD references.
References
Affected or Relevant Artifacts
- Developer: NVIDIA
- Deployer: NVIDIA
- Artifact Details:
| Type | Name |
|---|---|
| System | Triton Inference Server |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Metric | Value |
|---|---|
| Version | 3.1 |
| Vector String | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Base Score | 4.9 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | 🔴 High |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | NONE |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-190 | CWE-190 Integer Overflow or Wraparound |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-02-12
- Version: 0.3.3
- AVID Entry