vLLM Denial-of-Service Vulnerability in OpenAI Server Due to Invalid Regex

Vulnerability

A denial-of-service vulnerability has been identified in vLLM, an inference and serving engine for large language models. This issue affects versions from 0.8.0 up to, but not including, 0.9.0. The vulnerability arises when an invalid regular expression is supplied for structured output: the server does not reject it, and the attempt to use it crashes the vLLM server. This problem is akin to a previously reported issue with JSON schema validation, but it specifically pertains to regex. The server's failure to handle such invalid inputs gracefully can disrupt service and availability.

Impact

Exploiting this vulnerability leads to a crash of the vLLM server, causing a denial-of-service condition where the server becomes unresponsive and unavailable to handle requests.

Reproduction

To reproduce this vulnerability, connect a client to the vLLM OpenAI-compatible server and send a request that sets the 'guided_regex' option in the 'extra_body' parameter to an invalid regular expression. The server crashes upon receiving the request. The same crash can also be triggered by providing an invalid JSON schema or EBNF grammar, because the server does not validate these inputs before processing them.

Remediation

Users can upgrade to vLLM version 0.9.0, which addresses this vulnerability by implementing proper validation checks for regex and grammar inputs before they are processed.
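As an added example, not vLLM's own code, the following Python function shows the kind of request-side check the fix describes: each guided-decoding option in 'extra_body' is validated and turned into a 400 error before the request reaches the model. It assumes Python's 're' module as a stand-in for the backend's regex compiler, and the function and field names other than 'guided_regex' and 'extra_body' are hypothetical.

```python
import json
import re
from dataclasses import dataclass

# Hypothetical option names modelled on 'guided_regex' from the advisory.
GUIDED_KEYS = ("guided_regex", "guided_json", "guided_grammar")


@dataclass
class ValidationResult:
    ok: bool
    status: int   # HTTP status the server should return
    detail: str   # message for the client; never a traceback


def validate_guided_params(extra_body: dict) -> ValidationResult:
    """Reject malformed structured-output options instead of letting them crash the engine."""
    present = [k for k in GUIDED_KEYS if extra_body.get(k) is not None]
    if len(present) > 1:
        return ValidationResult(False, 400, "only one guided decoding option may be set")
    if not present:
        return ValidationResult(True, 200, "no guided decoding requested")

    key, value = present[0], extra_body[present[0]]
    if key == "guided_regex":
        if not isinstance(value, str):
            return ValidationResult(False, 400, "guided_regex must be a string")
        try:
            re.compile(value)          # stand-in for the backend's regex compiler
        except re.error as exc:        # e.g. "(" -> missing ), unterminated subpattern
            return ValidationResult(False, 400, f"invalid guided_regex: {exc}")
    elif key == "guided_json":
        schema = value
        if isinstance(value, str):     # schema may arrive as a JSON-encoded string
            try:
                schema = json.loads(value)
            except json.JSONDecodeError as exc:
                return ValidationResult(False, 400, f"guided_json is not valid JSON: {exc}")
        if not isinstance(schema, dict):
            return ValidationResult(False, 400, "guided_json must be a JSON object")
    elif key == "guided_grammar":
        # Shape check only; a full EBNF parse belongs to the grammar backend.
        if not isinstance(value, str) or not value.strip():
            return ValidationResult(False, 400, "guided_grammar must be a non-empty string")
    return ValidationResult(True, 200, f"{key} accepted")
```

The regex branch catches exactly the malformed-pattern case in the advisory; a request such as {"guided_regex": "("} now yields a 400 response instead of a server crash.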

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          2.6
impact          2.5
exploitability  6.2
remediation     7.7
relevance       0.1
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.