README.md

# MessagePack Model File Vulnerability PoC

## Vulnerability
DoS via Deep Nesting Stack Overflow, OOM Bomb, and CPU Exhaustion in MessagePack model files

## Files
- `poc_deep_nest.msgpack` — 5,000 levels of nested maps, causes stack overflow on unpack
- `poc_oom_bomb.msgpack` — 21 bytes, bin32 header claiming ~2GB allocation
- `poc_huge_map.msgpack` — 100K key-value pairs, causes CPU/memory exhaustion
- `benign.msgpack` — Clean file for comparison

## Reproduce
```python
import msgpack
# Stack overflow from deep nesting:
with open('poc_deep_nest.msgpack', 'rb') as f:
    msgpack.unpackb(f.read())  # RecursionError / crash

# OOM from fake size header:
with open('poc_oom_bomb.msgpack', 'rb') as f:
    msgpack.unpackb(f.read())  # Attempts ~2GB allocation
```