3 matches found
Denial Of Service (DoS)
xgrammar is vulnerable to Denial Of Service DoS. The vulnerability is due to a regression in the Earley parser, which causes excessive processing time for valid grammar inputs, allowing an attacker to exploit this inefficiency to trigger denial of service through resource exhaustion...
Allocation of Resources Without Limits or Throttling
Overview xgrammar is an Efficient, Flexible and Portable Structured Generation Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to wrong boundary check in the earley parser. An attacker can cause resource exhaustion and disrupt service...
GHSA-9Q5R-WFVF-RR7F xgrammar vulnerable to denial of service by huge enum grammar
Summary Provided grammar, would fit in a context window of most of the models, but takes minutes to process in 0.1.23. In testing with 0.1.16 the parser worked fine so this seems to be a regression caused by Earley parser. Details Full reproducer provider in the POC section. The resulting grammar...