hacnho's picture
Upload README.md with huggingface_hub
851fead verified
|
Raw
History Blame Contribute Delete
688 Bytes
metadata
tags:
  - security
  - proof-of-concept
  - messagepack
  - denial-of-service

MessagePack nested-array StackError PoC

This repository hosts a benign security research PoC for a MessagePack parser denial of service.

Files

  • messagepack-nested-5000.msgpack

Reproduction

Use latest msgpack 1.2.1:

python3 -m venv .venv-msgpack-121
. .venv-msgpack-121/bin/activate
pip install msgpack==1.2.1
python - <<'PY'
import msgpack
data = open("messagepack-nested-5000.msgpack", "rb").read()
msgpack.unpackb(data, raw=False)
PY

Observed result:

  • StackError

Safety note

This artifact is a non-executable malformed model-file PoC for parser-stress testing only.