AZL-74631

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74631.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-74631

Upstream

CVE-2026-0897

Published

2026-01-15T14:16:26Z

Modified

2026-04-21T04:38:45.692528Z

Summary

CVE-2026-0897 affecting package keras for versions less than 3.3.3-6

Details

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-0897

Affected packages

Azure Linux:3 / keras

Package

Name: keras
Purl: pkg:rpm/azure-linux/keras

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.3.3-6

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-74631.json"