Описание
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
A flaw was found in Keras. A remote attacker can cause a Denial of Service (DoS) by providing a specially crafted .keras archive containing a model weights file (model.weights.h5) that declares an extremely large data shape. This can lead to excessive memory allocation, resulting in memory exhaustion and a crash of the Python interpreter.
Отчет
This vulnerability is rated Important for Red Hat OpenShift AI. A remote attacker can cause a Denial of Service (DoS) by providing a crafted .keras archive with an excessively large dataset shape, leading to memory exhaustion. This impacts Red Hat OpenShift AI components that utilize Keras for model handling.
Меры по смягчению последствий
To mitigate this issue, avoid loading Keras model archives from untrusted sources. If processing untrusted Keras model archives is unavoidable, ensure they are processed within an isolated and resource-constrained environment to limit the impact of potential memory exhaustion attacks.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-agent-rhel9 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-controller-rhel9 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-router-rhel9 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-kserve-storage-initializer-rhel9 | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-modelmesh-runtime-adapter-rhel8 | Affected | ||
| Red Hat OpenShift AI 2.25 | rhoai/odh-modelmesh-runtime-adapter-rhel9 | Fixed | RHSA-2026:3782 | 04.03.2026 |
| Red Hat OpenShift AI 2.25 | rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9 | Fixed | RHSA-2026:3782 | 04.03.2026 |
| Red Hat OpenShift AI 2.25 | rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9 | Fixed | RHSA-2026:3782 | 04.03.2026 |
| Red Hat OpenShift AI 2.25 | rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9 | Fixed | RHSA-2026:3782 | 04.03.2026 |
| Red Hat OpenShift AI 2.25 | rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9 | Fixed | RHSA-2026:3782 | 04.03.2026 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
Связанные уязвимости
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
Allocation of Resources Without Limits or Throttling in the HDF5 weigh ...
Google Keras Allocates Resources Without Limits or Throttling in the HDF5 weight loading component
EPSS
7.6 High
CVSS3