{ "schema_version": "1.4.0", "id": "GHSA-389x-67px-mjg3", "modified": "2025-04-09T19:53:58Z", "published": "2025-04-09T13:08:59Z", "aliases": [ "CVE-2025-32381" ], "summary": "xgrammar Vulnerable to Denial of Service (DoS) by abusing unbounded cache in memory", "details": "### Summary\n\nXgrammar includes a cache for compiled grammars to increase performance with repeated use of the same grammar. This cache is held in memory. Since the cache is unbounded, a system making use of xgrammar can be abused to fill up a host's memory and case a denial of service. For example, sending many small requests to an LLM inference server with unique JSON schemas would eventually cause this denial of service to occur.\n\n### Details\n\nThe fix is to add a limit to the cache size. This was done in https://github.com/mlc-ai/xgrammar/pull/243\n\nAn example of making use of the new cache size limit can be found in vLLM here: https://github.com/vllm-project/vllm/pull/16283\n\n### Impact\n\nAny system making use of Xgrammar and taking requests as input from potentially untrusted parties would be vulnerable to this denial of service issue.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "PyPI", "name": "xgrammar" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.1.18" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-389x-67px-mjg3" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32381" }, { "type": "WEB", "url": "https://github.com/mlc-ai/xgrammar/pull/243" }, { "type": "WEB", "url": "https://github.com/vllm-project/vllm/pull/16283" }, { "type": "PACKAGE", "url": "https://github.com/mlc-ai/xgrammar" } ], "database_specific": { "cwe_ids": [ "CWE-770" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-09T13:08:59Z", "nvd_published_at": "2025-04-09T16:15:26Z" } }