# NumPy: OOM DoS via Oversized Shape in .npy Header

Status: PoC CONFIRMED. Ready for huntr submission.
| Field | Value |
|---|---|
| Target | numpy (huntr.com program: numpy/numpy) |
| Format | NumPy .npy / .npz array files |
| Vuln | CWE-789 (Unbounded Memory Allocation) leading to MemoryError DoS |
| CVSS | 7.5 High |
| Trigger | `numpy.load("bomb.npy")`, no flags required |
| Effect | `MemoryError: Unable to allocate 8.00 TiB for array with shape (1099511627776,)` |
## Quick Repro

```bash
python3 poc/make_poc.py   # creates bomb.npy (128 bytes)
python3 poc/trigger.py    # MemoryError, process crashes
```
## Files

- `poc/make_poc.py`: builds `bomb.npy` (128 bytes)
- `poc/trigger.py`: triggers the crash
- `poc/bomb.npy`: malicious array file
- `report.md`: huntr submission report
- `evidence/poc-run.html`: self-contained HTML evidence
## Key Source Location

`numpy/lib/_format_impl.py`, `read_array()`, around line 1089:

- `count = numpy.multiply.reduce(shape, dtype=numpy.int64)`: no upper bound on `count`
- `array = numpy.ndarray(count, dtype=dtype)`: allocates before reading any data
## Attack Summary

A 128-byte .npy file whose header declares shape `(2^40,)` with dtype float64.
`numpy.load()` computes `count = 1,099,511,627,776` and allocates 8 TiB before reading any array data, which raises `MemoryError`.
The same code path applies to .npz files (a ZIP of .npy arrays).
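The following is an added, standard-library-only pre-check for consumers of untrusted .npy files, not one of this repo's PoC scripts: it parses the header, computes the declared payload size with Python integers (which, unlike the `int64` reduce in `read_array()`, cannot overflow), and refuses the file when that size exceeds a byte budget or does not match the bytes the file actually carries. The function names `npy_is_safe` and `parse_npy_header` are assumptions, and both sample inputs are constructed inline.

```python
import ast
import math
import struct

MAGIC = b"\x93NUMPY"

def _itemsize(descr):
    """Bytes per element for a simple descr ('<f8', '|u1', '<U10'); rejects others."""
    if not isinstance(descr, str):
        raise ValueError("structured dtype not allowed")
    kind = descr.lstrip("<>|=")
    if kind[0] == "O":
        raise ValueError("object dtype not allowed")
    n = int(kind[1:] or 1)
    return 4 * n if kind[0] == "U" else n

def parse_npy_header(head):
    """Return (descr, shape, data_offset) from the leading bytes of a .npy file."""
    if head[:6] != MAGIC:
        raise ValueError("not a .npy file")
    major = head[6]
    if major == 1:
        hlen, start = struct.unpack("<H", head[8:10])[0], 10
    elif major in (2, 3):
        hlen, start = struct.unpack("<I", head[8:12])[0], 12
    else:
        raise ValueError("unknown .npy format version")
    text = head[start:start + hlen].decode("utf-8" if major == 3 else "latin1")
    d = ast.literal_eval(text)  # literal dict only, no arbitrary code
    return d["descr"], tuple(int(x) for x in d["shape"]), start + hlen

def npy_is_safe(head, file_size, max_bytes=1 << 30):
    """True only if the declared payload fits the budget AND the real file size."""
    try:
        descr, shape, offset = parse_npy_header(head)
        need = math.prod(shape) * _itemsize(descr)  # Python int: no overflow
    except (ValueError, KeyError, SyntaxError, TypeError, IndexError, struct.error):
        return False
    return need <= max_bytes and file_size - offset == need

def _v1_header(descr, shape):
    """Constructed test fixture: a version 1.0 header padded to a 64-byte multiple."""
    body = "{'descr': %r, 'fortran_order': False, 'shape': %r, }" % (descr, shape)
    body += " " * ((64 - (10 + len(body) + 1) % 64) % 64) + "\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(body)) + body.encode("latin1")

# Constructed inputs: a benign 3-element float64 array and a header-only bomb.
GOOD = _v1_header("<f8", (3,)) + struct.pack("<3d", 1.0, 2.0, 3.0)
BOMB = _v1_header("<f8", (1 << 40,))  # declares 8 TiB, carries zero data bytes
```

On disk, pass the first 64 KiB of the file as `head` and `os.path.getsize(path)` as `file_size`, and only call `numpy.load()` when the check passes; for .npz, run the same check against each member's `ZipInfo.file_size` before extracting it.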