24 lines (18 loc) · 1.4 KB

README.md


pickle_injector

Denial of service

256 GB memory usage. billionLaughs.pt is smaller but relies on the pickle DUP ("dupe") instruction, which is disabled in some pickle parsers. billionLaughsAlt.pkl has to use roughly twice as many bytes, but both are typable on a keyboard and should cause a MemoryError on any reasonable system.

If you need to make it bigger, add another "(" at the beginning and continue the pattern between the final "l" and the "." at the end.

Exploitation

Pickles are broken: if you see one, you can easily plant a backdoor into it using the inject.py script.

python inject.py existingPickle.pt newBackdooredPickle.pt malware.py

Mitigation

If someone wishes to fix the issue, SecureAlternative.py shows an example solution for PyTorch that saves model weights securely.
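A pickle-free way to store weights, as an added example; this is not the repository's SecureAlternative.py (its contents are not shown on this page) and it assumes nothing about that file. The layout is safetensors-like: an 8-byte little-endian header length, a JSON header mapping each tensor name to its dtype, shape and byte range, then one flat blob of raw little-endian float32 values. Loading only parses JSON and copies bytes, so no code path can import a module or call a constructor, which pickle-based torch.save/torch.load cannot promise. Tensors are represented as (shape, flat list of floats) so the example runs without torch or numpy; the names fc.weight and fc.bias and their values are constructed.

```python
import array
import json
import struct
import sys

HEADER_LEN = struct.Struct("<Q")   # 8-byte little-endian header length prefix
MAX_HEADER = 1 << 20               # refuse absurd headers before parsing them


def _count(shape):
    n = 1
    for dim in shape:
        n *= dim
    return n


def _f32_bytes(values):
    raw = array.array("f", values)
    if sys.byteorder != "little":
        raw.byteswap()             # the file is little-endian whatever the host is
    return raw.tobytes()


def encode_weights(tensors):
    """tensors: dict name -> (shape, flat list of floats). Returns the file bytes."""
    header, blob = {}, bytearray()
    for name, (shape, values) in tensors.items():
        if _count(shape) != len(values):
            raise ValueError(f"{name}: shape {shape} does not match {len(values)} values")
        data = _f32_bytes(values)
        header[name] = {"dtype": "F32", "shape": list(shape),
                        "data_offsets": [len(blob), len(blob) + len(data)]}
        blob += data
    hdr = json.dumps(header, sort_keys=True).encode("utf-8")
    return HEADER_LEN.pack(len(hdr)) + hdr + bytes(blob)


def decode_weights(data):
    """Inverse of encode_weights. Every offset, length and shape is validated, so a
    tampered header can neither read outside the blob nor claim an impossible shape."""
    if len(data) < HEADER_LEN.size:
        raise ValueError("truncated file")
    (hlen,) = HEADER_LEN.unpack_from(data)
    if hlen > MAX_HEADER or HEADER_LEN.size + hlen > len(data):
        raise ValueError("header length out of range")
    header = json.loads(data[HEADER_LEN.size:HEADER_LEN.size + hlen])
    if not isinstance(header, dict):
        raise ValueError("header is not a JSON object")
    blob = data[HEADER_LEN.size + hlen:]
    tensors = {}
    for name, meta in header.items():
        if meta.get("dtype") != "F32":
            raise ValueError(f"{name}: unsupported dtype {meta.get('dtype')!r}")
        start, end = meta["data_offsets"]
        if not (0 <= start <= end <= len(blob)) or (end - start) % 4:
            raise ValueError(f"{name}: invalid data_offsets {meta['data_offsets']}")
        shape = tuple(int(dim) for dim in meta["shape"])
        if _count(shape) * 4 != end - start:
            raise ValueError(f"{name}: shape {shape} does not match byte range")
        vals = array.array("f")
        vals.frombytes(blob[start:end])
        if sys.byteorder != "little":
            vals.byteswap()
        tensors[name] = (shape, vals.tolist())
    return tensors


def save_weights(path, tensors):
    with open(path, "wb") as f:
        f.write(encode_weights(tensors))


def load_weights(path):
    with open(path, "rb") as f:
        return decode_weights(f.read())


def decodes_cleanly(data):
    """True if decode_weights accepts data; shows that malformed input is refused."""
    try:
        decode_weights(data)
        return True
    except (ValueError, KeyError, TypeError, AttributeError):
        return False


# Constructed sample (not a real checkpoint): float32-exact values round-trip exactly.
SAMPLE = {"fc.weight": ((2, 2), [0.5, -1.25, 2.0, 3.0]),
          "fc.bias": ((2,), [0.0, 1.0])}


def tampered_sample():
    """Constructed file whose header claims 40000 bytes but carries only 16."""
    hdr = json.dumps({"fc.weight": {"dtype": "F32", "shape": [100, 100],
                                    "data_offsets": [0, 40000]}}).encode("utf-8")
    return HEADER_LEN.pack(len(hdr)) + hdr + b"\x00" * 16
```

To use it with a real model, flatten each tensor of state_dict() to a list (tensor.flatten().tolist()) on save and rebuild with torch.tensor(values).reshape(shape) on load. The validation in decode_weights is the part that matters: a pickle-free format is only as safe as the parser that refuses bad offsets and shapes.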

Detection
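What detection can look like without ever running the untrusted stream, as an added example that is not code from this repository (it does not read billionLaughs.pt or any other file here; its sample inputs are constructed inline). pickletools.genops parses opcodes without executing them, so the stream can be walked with an abstract stack in which every value carries its fully expanded element count. DUP and memo GET push the same node, so each reuse is charged as a full copy; that is what makes the billion-laughs pattern described above blow through a size budget while ordinary data stays tiny (honest shared references are deliberately over-counted, the same accounting XML parsers use for entity expansion). Every GLOBAL, STACK_GLOBAL and INST import is collected for comparison against an allow-list before pickle.loads is called. The "module name" allow-list format and the default budget of one million elements are this example's own choices.

```python
import collections
import pickle
import pickletools

TEXT_OPS = {"STRING", "BINSTRING", "SHORT_BINSTRING", "UNICODE",
            "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}
MARK = object()  # sentinel pushed by the MARK opcode onto the abstract stack


class Node:
    """Abstract value: fully expanded element count, plus the text of strings."""
    def __init__(self, size=1, text=None):
        self.size, self.text = size, text


def scan_pickle(data, budget=1_000_000):
    """Walk the opcode stream without executing it; return (expansion_estimate,
    imports) or raise ValueError as soon as the estimate passes budget."""
    stack, memo, imports = [], {}, []

    def pop_mark():
        i = max(j for j, v in enumerate(stack) if v is MARK)
        items, stack[i:] = stack[i + 1:], []
        return items

    def grow(node, amount):
        node.size += amount
        if node.size > budget:
            raise ValueError(f"expansion estimate {node.size} exceeds budget {budget}")

    def push_container(children):
        stack.append(Node(0))
        grow(stack[-1], 1 + sum(c.size for c in children))

    for op, arg, _ in pickletools.genops(data):
        name = op.name
        if name in ("PROTO", "FRAME"):
            continue
        if name == "MARK":
            stack.append(MARK)
        elif name == "STOP":
            return stack.pop().size, imports
        elif name in ("LIST", "TUPLE", "DICT", "FROZENSET", "INST", "OBJ"):
            if name == "INST":  # INST names its class the way GLOBAL does
                imports.append(arg)
            push_container(pop_mark())
        elif name in ("TUPLE1", "TUPLE2", "TUPLE3"):
            push_container([stack.pop() for _ in range(int(name[-1]))])
        elif name in ("APPEND", "SETITEM", "APPENDS", "SETITEMS", "ADDITEMS"):
            n = {"APPEND": 1, "SETITEM": 2}.get(name)
            items = [stack.pop() for _ in range(n)] if n else pop_mark()
            grow(stack[-1], sum(c.size for c in items))
        elif name in ("PUT", "BINPUT", "LONG_BINPUT", "MEMOIZE"):
            memo[len(memo) if name == "MEMOIZE" else arg] = stack[-1]
        elif name in ("DUP", "GET", "BINGET", "LONG_BINGET"):
            # The same Node is pushed again, so every reuse is charged in full.
            stack.append(stack[-1] if name == "DUP" else memo[arg])
        elif name in ("POP", "POP_MARK"):
            pop_mark() if name == "POP_MARK" else stack.pop()
        elif name in ("GLOBAL", "STACK_GLOBAL"):
            if name == "STACK_GLOBAL":  # module and name arrive as two strings
                qualname, module = stack.pop(), stack.pop()
                arg = f"{module.text} {qualname.text}"
            imports.append(arg)  # pickletools gives GLOBAL's arg as "module name"
            stack.append(Node())
        elif name in ("REDUCE", "NEWOBJ", "NEWOBJ_EX", "BINPERSID"):
            n = {"NEWOBJ_EX": 3, "BINPERSID": 1}.get(name, 2)
            del stack[-n:]
            stack.append(Node())
        elif name == "BUILD":
            stack.pop()  # state consumed, the object below it stays
        else:  # scalars, EMPTY_*, PERSID, EXT*: one new element
            stack.append(Node(text=arg if name in TEXT_OPS else None))


def check_pickle(data, allowed_imports=(), budget=1_000_000):
    """Gate to put in front of pickle.loads; returns (ok, reason)."""
    try:
        size, imports = scan_pickle(data, budget)
    except (ValueError, KeyError, IndexError, AttributeError) as exc:
        return False, f"rejected: {exc}"
    bad = sorted(set(imports) - set(allowed_imports))
    if bad:
        return False, "disallowed imports: " + ", ".join(bad)
    return True, f"ok, expansion estimate {size}"


# Constructed samples, not files from the repository.
def sample_weights():
    """Plain data like a state_dict of lists: nothing imported, estimate 9."""
    return pickle.dumps({"weight": [0.1, 0.2, 0.3], "bias": [0.0]}, protocol=4)

def sample_amplifier():
    """Each level refers to the previous one four times through the memo, so
    the estimate per level is 1 + 4 * previous: 2, 9, 37, 149."""
    level = [0]
    for _ in range(3):
        level = [level] * 4
    return pickle.dumps(level, protocol=2)

def sample_import():
    """Loading this would import collections.OrderedDict; reported, not run."""
    return pickle.dumps(collections.OrderedDict(), protocol=4)
```

check_pickle is the gate to put in front of pickle.loads or torch.load. A genuine PyTorch checkpoint legitimately imports a handful of torch and collections names, so derive the allow-list from a known-good file rather than leaving it empty, and treat any name outside it, or any budget overrun, as a reason to refuse the file. Persistent ids (which torch uses for storages) and copyreg extension codes are outside this scan and need the loader's own restrictions.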

Related Presentation