msgpack-python C Extension SIGSEGV - PoC
Vulnerability
msgpack-python's C extension (_cmsgpack) has no recursion depth limit when
calling user-provided ext_hook callbacks. When an application (like orbax-checkpoint)
uses a recursive ext_hook, a crafted msgpack payload with ~300 nesting levels
causes a native stack overflow → SIGSEGV → process crash.
Impact
- orbax-checkpoint (Google/JAX checkpoint library) uses a recursive ext_hook
- Any JAX/Flax application loading orbax checkpoints is vulnerable
- A 1.1 KB payload crashes the process with SIGSEGV (no error handling possible)
- DoS from a crafted model checkpoint file
Affected
- msgpack (PyPI) ≤ 1.1.2: C extension has no depth limit
- orbax-checkpoint (PyPI) ≤ 0.11.34: recursive ext_hook in msgpack_utils.py, lines 113-116
Files
- poc.py: Full PoC with 3 tests (SIGSEGV, orbax crash, Python fallback safe)
- crash_payload.msgpack: 1117-byte crafted payload
Reproduce
pip install msgpack orbax-checkpoint flax
python poc.py
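
One way an application can bound this recursion on its own side, as an added example that is not code from this repository, msgpack or orbax-checkpoint: a recursive ext_hook wrapper that raises a catchable error once ext nesting passes a limit. DepthLimitedExtHook, decode_ext, safe_unpackb and the default limit of 32 are assumptions; SAMPLE is a constructed three-layer input.

```python
import threading

# Constructed sample: the integer 7 wrapped in three ext (type 1) layers.
SAMPLE = bytes.fromhex("c70601c70301d40107")


class ExtDepthError(ValueError):
    """Ext payloads nest deeper than the configured limit."""


class DepthLimitedExtHook:
    """Recursive ext_hook that refuses to descend past max_depth levels.

    unpackb:    decoder re-entered for nested payloads, e.g. msgpack.unpackb
    decode_ext: hypothetical application callback (code, decoded_inner) -> object
    """

    def __init__(self, unpackb, decode_ext, max_depth=32):
        self._unpackb = unpackb
        self._decode_ext = decode_ext
        self._max_depth = max_depth
        self._state = threading.local()  # depth is tracked per thread

    def __call__(self, code, data):
        depth = getattr(self._state, "depth", 0)
        if depth >= self._max_depth:
            # Catchable Python error instead of unbounded native recursion.
            raise ExtDepthError(f"ext nesting exceeds {self._max_depth} levels")
        self._state.depth = depth + 1
        try:
            inner = self._unpackb(data, ext_hook=self)
            return self._decode_ext(code, inner)
        finally:
            self._state.depth = depth  # restore so the hook stays reusable after an error


def safe_unpackb(payload, max_depth=32):
    """Decode payload with msgpack, bounding ext recursion (assumed helper name)."""
    import msgpack  # imported lazily; the guard class itself has no dependency
    hook = DepthLimitedExtHook(msgpack.unpackb, lambda code, inner: inner, max_depth)
    return msgpack.unpackb(payload, ext_hook=hook)


if __name__ == "__main__":
    print(safe_unpackb(SAMPLE))  # three layers are within the default limit
    try:
        safe_unpackb(SAMPLE, max_depth=2)
    except ValueError as exc:
        print("rejected:", exc)
```

The limit has to sit well below the roughly 300 levels at which the page reports the native stack overflowing.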