vLLM AIBrix Prefix Caching Vulnerability Leading to Hash Collision Risks
Vulnerability
A vulnerability in vLLM AIBrix version 0.2.0 has been identified within the prefix caching component. The issue arises from the use of the xxhash64 hashing algorithm, which operates with a fixed seed value, making its output predictable. This predictability allows attackers to craft inputs that generate hash collisions, leading to cache pollution and errors in subsequent responses. The vulnerability has been addressed in version 0.3.0.
Impact
Exploitation of this vulnerability can cause hash collisions that lead to prefix cache entries being reused for prompts they do not match. This interference can disrupt normal operations and lead to unintended behaviors within the application.
Reproduction
The vulnerability can be reproduced by sending prompts that exploit the predictable nature of the xxhash64 hash algorithm, causing collisions that interfere with the application's response handling.
Remediation
Users are advised to upgrade to vLLM AIBrix version 0.3.0 or later, where this vulnerability has been fixed.
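A defensive illustration of the collision problem described above, added here and not taken from AIBrix or its 0.3.0 fix: a prefix index that derives block keys with a keyed hash (BLAKE2b with a per-process random secret, swapped in for xxhash64) and re-checks the stored tokens on every hit, so a colliding key cannot cause reuse. `PrefixCache`, `chained_blocks` and `BLOCK_SIZE` are hypothetical names.

```python
import hashlib
import os
import struct

BLOCK_SIZE = 4  # tokens per cache block (constructed value for this example)


def chained_blocks(tokens, secret, digest_size=8):
    """Yield (parent_key, block, key) for each full block of a token list.

    key = BLAKE2b(parent_key || block), keyed with a secret, so block keys
    cannot be computed without knowing that secret.
    """
    parent = b""
    full = len(tokens) - len(tokens) % BLOCK_SIZE
    for i in range(0, full, BLOCK_SIZE):
        block = tuple(tokens[i:i + BLOCK_SIZE])
        data = parent + struct.pack(f"<{BLOCK_SIZE}I", *block)
        key = hashlib.blake2b(data, key=secret, digest_size=digest_size).digest()
        yield parent, block, key
        parent = key


class PrefixCache:
    """Hypothetical prefix index: keyed block hashes, verified on every hit."""

    def __init__(self, secret=None, digest_size=8):
        # Assumption: one random key per process, never exposed to clients.
        self.secret = secret or os.urandom(32)
        self.digest_size = digest_size
        self.entries = {}  # key -> (parent_key, block) that produced it

    def insert(self, tokens):
        for parent, block, key in chained_blocks(tokens, self.secret, self.digest_size):
            self.entries.setdefault(key, (parent, block))

    def match(self, tokens):
        """Return how many leading tokens may reuse cached state."""
        matched = 0
        for parent, block, key in chained_blocks(tokens, self.secret, self.digest_size):
            # A key hit alone is not trusted: parent and tokens must be identical.
            if self.entries.get(key) != (parent, block):
                break
            matched += BLOCK_SIZE
        return matched
```

Because each entry records its parent key and tokens, a verified hit implies the whole preceding prefix is identical, even when `digest_size` is small enough for collisions to occur.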
