CoreML: DoS via Malformed INT4 Tensor in .mlpackage
Status: PoC CONFIRMED, ready for huntr submission
| Field | Value |
|---|---|
| Target | coremltools (huntr.com - apple/coremltools) |
| Format | CoreML mlpackage (.mlpackage) |
| Vuln | CWE-20: Improper Input Validation → unhandled ValueError → DoS |
| CVSS | 7.5 High |
| Trigger | `ct.optimize.coreml.linear_quantize_weights(mlmodel, config)` → ValueError |
Quick Repro
```bash
python3 poc/make_poc.py   # creates /tmp/evil.mlpackage
python3 poc/trigger.py    # ValueError -> crash
```
Files
- `poc/make_poc.py`: PoC builder
- `poc/trigger.py`: crash trigger
- `report.md`: huntr submission report
- `evidence/poc-run.html`: self-contained HTML evidence
Key Source Location
- Primary: `coremltools/converters/mil/frontend/milproto/load.py:165`
  - `element_num = np.prod(shape)`: no validation of shape vs actual byte count
  - `.reshape(shape)` raises uncaught `ValueError` when shape product ≠ actual elements
Attack Summary
Craft a .mlpackage with an INT4 const op where:
- `shape = [2^40, 1]` (1,099,511,627,776 declared elements)
- `bytes = b'\xab\xcd'` (only 2 bytes = 4 INT4 values)
When `linear_quantize_weights()` processes the model, it calls `_restore_np_from_bytes_value()`,
which unpacks 4 elements from the 2-byte buffer but then calls `.reshape([2^40, 1])`, which raises `ValueError`.
The exception propagates uncaught through the entire call chain.
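
A defensive check for the mismatch described above, as an added example that is not coremltools code and not part of the original PoC: it compares the declared shape with the payload length before unpacking and raises a dedicated error the caller can handle. The names `TensorShapeError`, `unpack_int4`, `load_int4_const` and `check_const` are hypothetical, and the low-nibble-first packing order is an assumption.

```python
import math


class TensorShapeError(ValueError):
    """Declared shape does not match the serialized payload."""


def unpack_int4(raw: bytes, count: int) -> list:
    """Unpack `count` signed 4-bit values; low nibble first is an assumption."""
    values = []
    for byte in raw:
        for nibble in (byte & 0x0F, byte >> 4):
            if len(values) < count:
                # Two's-complement sign extension of a 4-bit value.
                values.append(nibble - 16 if nibble >= 8 else nibble)
    return values


def load_int4_const(raw: bytes, shape: list) -> list:
    """Check the declared shape against the payload size, then unpack."""
    if any(not isinstance(dim, int) or dim < 0 for dim in shape):
        raise TensorShapeError(f"invalid shape {shape!r}")
    declared = math.prod(shape)   # Python ints are unbounded, so no wraparound
    needed = (declared + 1) // 2  # two INT4 values per byte, last byte padded
    if len(raw) != needed:
        raise TensorShapeError(
            f"shape {shape!r} declares {declared} elements ({needed} bytes) "
            f"but the payload holds {len(raw)} bytes"
        )
    return unpack_int4(raw, declared)


def check_const(raw: bytes, shape: list) -> str:
    """Caller-side handling: report a malformed tensor instead of crashing."""
    try:
        return f"ok: {len(load_int4_const(raw, shape))} elements"
    except TensorShapeError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    payload = b"\xab\xcd"                    # the 2-byte buffer from the page
    print(check_const(payload, [2, 2]))      # constructed well-formed shape
    print(check_const(payload, [2**40, 1]))  # the declared shape from the page
```

The size comparison runs before any unpacking or allocation, so the oversized declared shape is rejected in constant time.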