MessagePack array32 repeated-empty-string materialization DoS PoC
This repository contains a benign security research PoC for a .msgpack
artifact that drives large in-memory materialization during
msgpack.unpackb(..., raw=False).
Files:
control_bin32_same_size.msgpackmalicious_array32_empty_strings_20000000.msgpackreproduce.py
Observed behavior:
- control artifact:
- parses successfully as one
bytesobject
- parses successfully as one
- malicious artifact:
- same size as control
- parses successfully as a list of
20,000,000empty strings - materially increases peak RSS during normal unpack
Reproduction:
python3 build_poc.py
python3 reproduce.py
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support