CVE-2026-0897
Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Produtos afetados
Google · KerasQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →