Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-0897

created 3 months ago

Denial of Service in Keras via Excessive Memory Allocation in HDF5 Metadata

Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive containing a valid model.weights.h5 file whose dataset declares an extremely large shape.

References

https://github.com/keras-team/keras/pull/21880

Affected products

Keras

=<3.13.0

Matching in nixpkgs

pkgs.python312Packages.keras

Multi-backend implementation of the Keras API, with support for TensorFlow, JAX, and PyTorch

nixos-unstable 3.11.1
- nixpkgs-unstable 3.11.1
- nixos-unstable-small 3.11.1
nixos-25.11 3.12.0
- nixpkgs-25.11-darwin 3.12.0

pkgs.python313Packages.keras

Multi-backend implementation of the Keras API, with support for TensorFlow, JAX, and PyTorch

nixos-25.11 3.12.0
- nixpkgs-25.11-darwin 3.12.0

pkgs.python312Packages.tf-keras

Deep learning for humans

nixos-unstable 2.19.0
- nixpkgs-unstable 2.19.0
- nixos-unstable-small 2.19.0
nixos-25.11 2.20.1
- nixpkgs-25.11-darwin 2.20.1

pkgs.python313Packages.tf-keras

Deep learning for humans

nixos-25.11 2.20.1
- nixpkgs-25.11-darwin 2.20.1

pkgs.pkgsRocm.python3Packages.keras

Multi-backend implementation of the Keras API, with support for TensorFlow, JAX, and PyTorch

nixos-25.11 3.12.0
- nixpkgs-25.11-darwin 3.12.0

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>