Impact
NVIDIA Triton Inference Server for Linux contains a vulnerability in which an attacker can trigger improper handling of highly compressed data. This can cause the server to consume excessive resources or crash, resulting in a denial of service to legitimate users. The weakness is classified as CWE-409, Improper Handling of Highly Compressed Data (Data Amplification).
Affected Systems
The vulnerable product is NVIDIA Triton Inference Server running on Linux. No specific version range is provided in the advisory, so all installations of Triton that have not yet applied any official patch should be considered potentially impacted.
Risk and Exploitability
The CVSS score of 7.5 indicates high severity. Because EPSS data is unavailable, the likelihood of exploitation cannot be quantified, but the risk remains significant. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote: an attacker who can send specially crafted, highly compressed inputs to the Triton inference endpoint could trigger the condition. Successful exploitation would likely halt inference services for all users on the impacted instance.
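The weakness class described under Impact is usually mitigated by bounding decompression on the receiving side. The following is an added example, not code from the advisory or from NVIDIA: a gzip decoder for a service in front of an inference endpoint that stops as soon as the output exceeds an absolute size or an expansion ratio. The function name, exception name and limit values are assumptions chosen for illustration.

```python
import gzip
import zlib

MAX_OUTPUT = 8 * 1024 * 1024    # assumed cap on the decompressed body, in bytes
MAX_RATIO = 100                 # assumed cap on output size / compressed size
RATIO_FLOOR = 1024 * 1024       # small bodies are exempt from the ratio check
CHUNK = 64 * 1024               # output produced per decompression step


class DecompressionLimitExceeded(Exception):
    """Raised when a body expands past the configured limits."""


def bounded_gunzip(data, max_output=MAX_OUTPUT, max_ratio=MAX_RATIO):
    """Decompress a gzip body, aborting as soon as a limit is crossed."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # 16 + MAX_WBITS = gzip framing
    out = bytearray()
    buf = data
    while not d.eof:
        # max_length=CHUNK bounds each step, so memory grows by at most CHUNK
        # between limit checks, however well the input compresses.
        chunk = d.decompress(buf, CHUNK)
        buf = d.unconsumed_tail
        if not chunk and not buf and not d.eof:
            raise ValueError("truncated gzip stream")
        out += chunk
        if len(out) > max_output:
            raise DecompressionLimitExceeded("output exceeds %d bytes" % max_output)
        if len(out) > RATIO_FLOOR and len(out) > max_ratio * len(data):
            raise DecompressionLimitExceeded("expansion ratio exceeds %d" % max_ratio)
    return bytes(out)


if __name__ == "__main__":
    # Constructed samples: an ordinary JSON-like body and 16 MiB of zero bytes.
    normal = gzip.compress(b'{"inputs": [1, 2, 3]}' * 50)
    bomb = gzip.compress(bytes(16 * 1024 * 1024))
    print("normal ->", len(bounded_gunzip(normal)), "bytes")
    try:
        bounded_gunzip(bomb)
    except DecompressionLimitExceeded as exc:
        print("bomb (%d bytes compressed) rejected: %s" % (len(bomb), exc))
```

The limits are checked on decompressed output as it is produced, so a request is rejected before the full expanded body is ever held in memory.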