CNNVD-202601-2541 Information

CNNVD ID

CNNVD-202601-2541

CVE-2026-0897

  • CNNVD Published: 2026-01-15

Description

Keras is an open-source, multi-backend deep learning framework from Keras. Keras versions 3.0.0 through 3.13.0 contain a security vulnerability that stems from the HDF5 weight loading component allocating resources without limits or throttling, which may allow a remote attacker to cause memory exhaustion and a crash of the Python interpreter via a specially crafted .keras archive file.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

Keras

Published

2026-01-15

Last Modified

2026-02-24

References

https://github.com/keras-team/keras/pull/21880

https://access.redhat.com/security/cve/cve-2026-0897

Patch

https://github.com/keras-team/keras/releases
