hacnho's picture
Upload README.md with huggingface_hub
851fead verified
|
Raw
History Blame Contribute Delete
688 Bytes
---
tags:
- security
- proof-of-concept
- messagepack
- denial-of-service
---
# MessagePack nested-array StackError PoC
This repository hosts a benign security research PoC for a MessagePack parser denial of service.
## Files
- `messagepack-nested-5000.msgpack`
## Reproduction
Use latest `msgpack 1.2.1`:
```bash
python3 -m venv .venv-msgpack-121
. .venv-msgpack-121/bin/activate
pip install msgpack==1.2.1
python - <<'PY'
import msgpack
data = open("messagepack-nested-5000.msgpack", "rb").read()
msgpack.unpackb(data, raw=False)
PY
```
Observed result:
- `StackError`
## Safety note
This artifact is a non-executable malformed model-file PoC for parser-stress testing only.