htdy7703's picture
Add README for Joblib memory bomb PoC
1136d27 verified
|
Raw
History Blame Contribute Delete
923 Bytes
# Joblib `NumpyArrayWrapper` Memory Exhaustion PoC
This PoC shows that a tiny file containing a built-in Joblib `NumpyArrayWrapper`
can make `joblib.load()` attempt a large NumPy allocation on the default load path.
What this PoC shows:
- the issue affects the standard `joblib.load()` path, not only the legacy compatibility loader
- the crafted file is tiny and contains only Joblib's own wrapper metadata
- `pickle.load()` of the same file is inert, while `joblib.load()` reconstructs the wrapper and allocates
What this PoC does not show:
- arbitrary code execution
- filesystem read or write outside the loaded artifact
- a bypass of Joblib's documented warning that untrusted `joblib.load()` inputs are unsafe
Runtime tested:
- Joblib commit `b030e4e1ed6a227c0e587c31b266c03b3b692372`
- NumPy `2.3.5`
- Python `3.14`
Run `reproduce.py` to generate the tiny malicious artifact and trigger the allocation attempt.