Core ML function input materialization DoS PoC
This repository contains a benign security research PoC for a .mlmodel
artifact that drives large protobuf materialization during Core ML spec loading.
Files:
- control_same_size.mlmodel
- malicious_function_input_1000000.mlmodel
- reproduce.py
Observed behavior:
- control artifact:
  - parses successfully with one function and zero nested input entries
- malicious artifact:
  - same size as control
  - parses successfully with one function and 1,000,000 nested input entries
  - `load_spec()` peak RSS delta is about 119072 kB
  - `MLModel(skip_model_load=True)` peak RSS delta is about 310288 kB
Public files:
- https://huggingface.co/hacnho/coreml-function-input-fanout-dos-poc/resolve/main/control_same_size.mlmodel
- https://huggingface.co/hacnho/coreml-function-input-fanout-dos-poc/resolve/main/malicious_function_input_1000000.mlmodel
- https://huggingface.co/hacnho/coreml-function-input-fanout-dos-poc/resolve/main/reproduce.py
Reproduction:
```
python3 build_poc.py
python3 reproduce.py
```
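A pre-load guard, added here as an example and not part of this repository or of coremltools: it counts the nested function input entries by walking the protobuf wire format, without materializing any of them, and stops as soon as a cap is exceeded so the scan itself stays bounded. The field numbers for Model.description, ModelDescription.functions and FunctionDescription.input are assumptions to verify against Core ML's Model.proto, and the sample blobs are constructed inline rather than taken from the PoC files.

```python
def _varint_at(buf, pos):
    """Decode one varint at pos; return (value, next_pos)."""
    value, shift = 0, 0
    while True:
        b, pos = buf[pos], pos + 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7

def _iter_submessages(buf):  # yield (field, payload) for length-delimited fields, skip the rest
    pos, end = 0, len(buf)
    while pos < end:
        key, pos = _varint_at(buf, pos)
        field, wtype = key >> 3, key & 7
        if wtype == 0:
            _, pos = _varint_at(buf, pos)
        elif wtype == 2:
            n, pos = _varint_at(buf, pos)
            yield field, buf[pos:pos + n]
            pos += n
        elif wtype in (1, 5):
            pos += 8 if wtype == 1 else 4
        else:
            raise ValueError(f"unsupported wire type {wtype}")

def count_entries(buf, path, limit):
    """Count entries of field path[-1] under sub-messages path[:-1]; stop once past limit."""
    total = 0
    for field, payload in _iter_submessages(memoryview(buf)):  # zero-copy slices
        if field == path[0]:
            total += 1 if len(path) == 1 else count_entries(payload, path[1:], limit - total)
            if total > limit:
                break
    return total

# ASSUMED field numbers (Model.description=2, ModelDescription.functions=20,
# FunctionDescription.input=2); verify against Core ML's Model.proto before use.
FUNCTION_INPUT_PATH = (2, 20, 2)

def _enc_varint(n):  # test-data encoder only
    out = b""
    while n > 0x7F:
        out, n = out + bytes([n & 0x7F | 0x80]), n >> 7
    return out + bytes([n])

def _enc_msg(field, payload):  # test-data encoder: tag, length, payload
    return _enc_varint(field << 3 | 2) + _enc_varint(len(payload)) + payload

# Constructed samples (not the PoC files): 3 inputs vs 5000 minimal empty input entries.
SMALL = _enc_msg(2, _enc_msg(20, _enc_msg(2, b"") * 3))
LARGE = _enc_msg(2, _enc_msg(20, _enc_msg(2, b"") * 5000))
```

Reject the file when the returned count exceeds the cap; a truncated or malformed blob raises during the scan and should be rejected the same way.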