Caffe blob-shape allocation DoS PoC
This repository contains a benign security research PoC for a Caffe model file
whose forged BlobProto.shape drives allocation failure in
cv2.dnn.readNetFromCaffe(...).
Files:
- tiny_fc.prototxt
- control_fc_blob_shape_2x2.caffemodel
- malicious_fc_blob_shape_100m_x2.caffemodel
- reproduce.py
- requirements.txt
Tested environment:
- opencv-python==4.13.0.92
- runtime cv2.__version__ == 4.13.0
Observed behavior:
- control model:
  - loads successfully
- malicious model:
  - after the process address-space cap is tightened to 800 MiB, raises: `Failed to allocate 800000000 bytes`
Reproduction:

```bash
python3 -m venv /tmp/caffe-blob-shape-dos
/tmp/caffe-blob-shape-dos/bin/pip install -U pip
/tmp/caffe-blob-shape-dos/bin/pip install -r requirements.txt
curl -L -O https://huggingface.co/hacnho/caffe-blob-shape-allocation-dos-poc/resolve/main/tiny_fc.prototxt
curl -L -O https://huggingface.co/hacnho/caffe-blob-shape-allocation-dos-poc/resolve/main/control_fc_blob_shape_2x2.caffemodel
curl -L -O https://huggingface.co/hacnho/caffe-blob-shape-allocation-dos-poc/resolve/main/malicious_fc_blob_shape_100m_x2.caffemodel
curl -L -O https://huggingface.co/hacnho/caffe-blob-shape-allocation-dos-poc/resolve/main/reproduce.py
curl -L -O https://huggingface.co/hacnho/caffe-blob-shape-allocation-dos-poc/resolve/main/requirements.txt
/tmp/caffe-blob-shape-dos/bin/python reproduce.py --prototxt tiny_fc.prototxt --control control_fc_blob_shape_2x2.caffemodel --malicious malicious_fc_blob_shape_100m_x2.caffemodel
```
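Added example, not part of this repository: a defender-side pre-load check that walks the .caffemodel protobuf wire format directly, reads every BlobProto.shape declared under NetParameter.layer[].blobs[], and rejects the file when a declared shape implies a float32 allocation over a budget, before cv2.dnn.readNetFromCaffe is ever called. Field numbers follow caffe.proto; the two sample models are constructed inline (one mirroring the 100m x 2 shape above), and legacy V1 `layers` entries and num/channels/height/width shapes are not handled.

```python
from math import prod

def _varint(buf, pos):                        # decode one base-128 varint -> (value, next_pos)
    val, shift = 0, 0
    while buf[pos] & 0x80:
        val, shift, pos = val | (buf[pos] & 0x7F) << shift, shift + 7, pos + 1
    return val | (buf[pos] << shift), pos + 1

def fields(buf):                              # yield (field_number, wire_type, payload) of one message
    pos = 0
    while pos < len(buf):
        key, pos = _varint(buf, pos)
        num, wt = key >> 3, key & 7
        if wt == 0:
            val, pos = _varint(buf, pos)
        elif wt in (1, 2, 5):                 # fixed64 / length-prefixed / fixed32
            size, pos = (8, pos) if wt == 1 else (4, pos) if wt == 5 else _varint(buf, pos)
            val, pos = buf[pos:pos + size], pos + size
        else:
            raise ValueError(f"unsupported wire type {wt}")
        yield num, wt, val

def _sub(msg, num):                           # nested messages stored in field `num`
    return [v for n, wt, v in fields(msg) if n == num and wt == 2]

def blob_shapes(model):
    """Declared dims of every NetParameter.layer[].blobs[].shape (modern `layer` field only)."""
    for layer in _sub(model, 100):            # NetParameter.layer = 100
        for blob in _sub(layer, 7):           # LayerParameter.blobs = 7
            dims = []
            for shape in _sub(blob, 7):       # BlobProto.shape = 7
                for n, wt, d in fields(shape):
                    if n == 1 and wt == 0:    # BlobShape.dim = 1 as a lone varint ...
                        dims.append(d)
                    elif n == 1:              # ... or in the packed form caffe normally writes
                        p = 0
                        while p < len(d):
                            v, p = _varint(d, p); dims.append(v)
            yield dims

def oversized_blobs(model, max_bytes=256 * 2**20):   # declared shapes whose float32 footprint exceeds max_bytes
    return [s for s in blob_shapes(model) if prod(s) * 4 > max_bytes]

# Constructed sample models, hand-encoded here (not the PoC's own .caffemodel files).
def _vi(n):                                   # varint encode
    return bytes([n]) if n < 0x80 else bytes([(n & 0x7F) | 0x80]) + _vi(n >> 7)
def _ld(num, payload):                        # length-prefixed field
    return _vi(num << 3 | 2) + _vi(len(payload)) + payload
CONTROL_MODEL = _ld(100, _ld(7, _ld(7, _ld(1, _vi(2) + _vi(2)))))            # 4 floats, 16 bytes
FORGED_MODEL = _ld(100, _ld(7, _ld(7, _ld(1, _vi(100_000_000) + _vi(2)))))   # 800,000,000 bytes declared
```

A non-empty result from oversized_blobs means the file should be refused before loading; the budget is a deployment choice, and the check only sees declared shapes, so it complements rather than replaces an address-space cap on the loading process.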
Repo state at verification time:
private=false, commit 08c3638412a27a477567976ab976c01b2716cf45