---
tags:
- security
- proof-of-concept
- msgpack
license: mit
---
# MessagePack array32 repeated-empty-string materialization DoS PoC

This repository contains a benign security research PoC for a `.msgpack`
artifact that drives large in-memory materialization during
`msgpack.unpackb(..., raw=False)`.

Files:

- `control_bin32_same_size.msgpack`
- `malicious_array32_empty_strings_20000000.msgpack`
- `reproduce.py`

Observed behavior:

- control artifact:
  - parses successfully as one `bytes` object
- malicious artifact:
  - same size as control
  - parses successfully as a list of `20,000,000` empty strings
  - materially increases peak RSS during normal unpack

Reproduction:

```bash
python3 build_poc.py
python3 reproduce.py
```
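
A defensive pre-scan for the behavior described above, as an added example that is not part of this repository: it walks the MessagePack type bytes without building any objects and rejects input whose declared value count exceeds a budget. The name `count_values`, the budget figures and the two 1,005-byte samples are assumptions constructed for illustration, and the scan generalizes beyond array32 to every container type in the format.

```python
# Bytes that follow the type byte for fixed-size scalars and fixext types.
FIXED = {0xc0: 0, 0xc2: 0, 0xc3: 0, 0xca: 4, 0xcb: 8,
         0xcc: 1, 0xcd: 2, 0xce: 4, 0xcf: 8, 0xd0: 1, 0xd1: 2, 0xd2: 4, 0xd3: 8,
         0xd4: 2, 0xd5: 3, 0xd6: 5, 0xd7: 9, 0xd8: 17}
# bin/str/ext: type -> (width of length field, extra bytes before the payload).
BLOB = {0xc4: (1, 0), 0xc5: (2, 0), 0xc6: (4, 0), 0xd9: (1, 0), 0xda: (2, 0),
        0xdb: (4, 0), 0xc7: (1, 1), 0xc8: (2, 1), 0xc9: (4, 1)}
# array16/32 and map16/32: type -> (width of count field, values per entry).
CONTAINER = {0xdc: (2, 1), 0xdd: (4, 1), 0xde: (2, 2), 0xdf: (4, 2)}

def count_values(buf, budget):
    """Walk one msgpack value without materializing it. Returns the number of
    values a decoder would build; raises ValueError once that exceeds budget."""
    pos, pending, total = 0, 1, 0
    def take(n):                       # advance n bytes, return where they start
        nonlocal pos
        start, pos = pos, pos + n
        if pos > len(buf):
            raise ValueError("truncated input")
        return start
    while pending:
        tag = buf[take(1)]
        pending, total = pending - 1, total + 1
        if 0x80 <= tag <= 0x8f:                    # fixmap: key + value per entry
            pending += 2 * (tag & 0x0f)
        elif 0x90 <= tag <= 0x9f:                  # fixarray
            pending += tag & 0x0f
        elif 0xa0 <= tag <= 0xbf:                  # fixstr (0xa0 is the empty string)
            take(tag & 0x1f)
        elif tag in FIXED:
            take(FIXED[tag])
        elif tag in BLOB:
            width, extra = BLOB[tag]
            start = take(width)
            take(int.from_bytes(buf[start:start + width], "big") + extra)
        elif tag in CONTAINER:
            width, per = CONTAINER[tag]
            start = take(width)
            pending += per * int.from_bytes(buf[start:start + width], "big")
        elif tag == 0xc1:                          # the only unassigned type byte
            raise ValueError("reserved type byte 0xc1")
        # Everything else is a one-byte fixint. Check the declared total now, so
        # an oversized header is rejected before its elements are even scanned.
        if total + pending > budget:
            raise ValueError("value budget exceeded")
    return total

# Constructed samples (not the repository's artifacts), equal in byte size.
CONTROL = b"\xc6" + (1000).to_bytes(4, "big") + b"\x00" * 1000  # bin32: one value
SUSPECT = b"\xdd" + (1000).to_bytes(4, "big") + b"\xa0" * 1000  # array32 of ""
```

`msgpack.unpackb` also accepts a `max_array_len` keyword that caps any single array; the scan above bounds the total across nested containers as well.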