vLLM has a Regular Expression Denial of Service (ReDoS, Exponential Complexity) Vulnerability in `pythonic_tool_parser.py`

Summary A Regular Expression Denial of Service ReDoS vulnerability exists in the file vllm/entrypoints/openai/toolparsers/pythonictoolparser.py of the vLLM project. The root cause is the use of a highly complex and nested regular expression for tool call detection, which can be exploited by an...

PT-2023-35925 · Oracle · Java.Base

Name of the Vulnerable Software and Affected Versions: java.base affected versions not specified Description: A security exception crash has been reported in java.base. The crash occurs in the java.util.regex.Pattern class, specifically in the Loop.match, GroupTail.match, and BranchConn.match...

OpenJDK: Unexpected exception thrown in regex Pattern (Libraries, 8268813)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...