TFRecords BytesList value materialization DoS PoC

This repository contains a benign security research PoC for a .tfrecords artifact that drives large protobuf materialization during tf.train.BytesList.FromString(...).

Files:

  • control_same_size.tfrecords
  • malicious_byteslist_value_10000000.tfrecords
  • reproduce.py

Observed behavior:

  • control artifact:
    • parses successfully with one value item
  • malicious artifact:
    • same size as control
    • parses successfully with 10,000,000 value items
    • increases peak RSS by about 407764 kB
    • takes about 14.62x the control parse time

Reproduction:

TF_PYTHON_BIN=/tmp/tf221clean/bin/python python3 build_poc.py
TF_PYTHON_BIN=/tmp/tf221clean/bin/python python3 reproduce.py
Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support