MessagePack nested-array StackError PoC

This repository hosts a benign security research PoC for a MessagePack parser denial of service.

Files

  • messagepack-nested-5000.msgpack

Reproduction

Use latest msgpack 1.2.1:

python3 -m venv .venv-msgpack-121
. .venv-msgpack-121/bin/activate
pip install msgpack==1.2.1
python - <<'PY'
import msgpack
data = open("messagepack-nested-5000.msgpack", "rb").read()
msgpack.unpackb(data, raw=False)
PY

Observed result:

  • StackError

Safety note

This artifact is a non-executable malformed model-file PoC for parser-stress testing only.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support