htdy7703's picture
Add README for Joblib memory bomb PoC
1136d27 verified
|
Raw
History Blame Contribute Delete
923 Bytes

Joblib NumpyArrayWrapper Memory Exhaustion PoC

This PoC shows that a tiny file containing a built-in Joblib NumpyArrayWrapper can make joblib.load() attempt a large NumPy allocation on the default load path.

What this PoC shows:

  • the issue affects the standard joblib.load() path, not only the legacy compatibility loader
  • the crafted file is tiny and contains only Joblib's own wrapper metadata
  • pickle.load() of the same file is inert, while joblib.load() reconstructs the wrapper and allocates

What this PoC does not show:

  • arbitrary code execution
  • filesystem read or write outside the loaded artifact
  • a bypass of Joblib's documented warning that untrusted joblib.load() inputs are unsafe

Runtime tested:

  • Joblib commit b030e4e1ed6a227c0e587c31b266c03b3b692372
  • NumPy 2.3.5
  • Python 3.14

Run reproduce.py to generate the tiny malicious artifact and trigger the allocation attempt.