YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
Joblib BZ2 Decompression Bomb PoC
Vulnerability: BZ2CompressorWrapper.decompressor_file() has no decompression size limit File: joblib/compressor.py line ~145 Severity: CVSS 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CWE: CWE-409 (Improper Handling of Highly Compressed Data) Affected: joblib <= 1.5.x (all versions with BZ2 support) Reported via: huntr.com bug bounty
PoC Files
| File | Compressed Size | Decompressed | Ratio |
|---|---|---|---|
joblib_bz2_100mb_bomb.joblib.bz2 |
347 bytes | 100 MB | 288,184:1 |
joblib_bz2_1gb_bomb.joblib.bz2 |
957 bytes | 1 GB | 1,044,932:1 |
Reproduction
import joblib
# 957 bytes β 1 GB memory allocation β OOM crash
data = joblib.load("joblib_bz2_1gb_bomb.joblib.bz2")
# Process is killed by OOM on systems with < 1 GB available memory
Root Cause
# joblib/compressor.py, BZ2CompressorWrapper.decompressor_file()
def decompressor_file(self, fileobj):
fileobj = self.fileobj_factory(fileobj, "rb") # bz2.BZ2File(fileobj, "rb")
return fileobj # No maxsize limit β reads until EOF
Compare to the LZMA bomb filed earlier (also lacks maxsize) β BZ2 is even more efficient:
- LZMA bomb: 15,000 bytes β 100 MB
- BZ2 bomb: 347 bytes β 100 MB (this report)
- BZ2 bomb: 957 bytes β 1 GB (this report)
Responsible Disclosure
Filed via huntr.com Model File Format bug bounty program.
Inference Providers NEW
This model isn't deployed by any Inference Provider. π Ask for provider support