Hugging Face Transformers Regular Expression Denial-of-Service Vulnerability

Vulnerability

A Regular Expression Denial-of-Service (ReDoS) vulnerability exists in the Hugging Face Transformers library, specifically in the CLVP number normalizer's 'normalize_numbers()' method within the 'EnglishNormalizer' class. It affects versions through 4.52.4 and is fixed in 4.53.0. The issue arises from how the method processes numeric strings: crafted inputs containing long sequences of digits cause excessive CPU usage. This disrupts text-to-speech and number normalization tasks, leading to service interruptions, resource exhaustion, and exposure of any API that passes untrusted text to the normalizer.

Impact

Exploitation of this vulnerability causes high CPU consumption, disrupting text processing services and text-to-speech pipelines. In production environments it can lead to resource exhaustion, affecting multiple users in shared settings and causing backlogs in processing queues. APIs that expose text normalization functions are particularly at risk, since the attack is CPU-bound and can bypass rate limiting.

Reproduction

The vulnerability can be reproduced by installing the Transformers library and its dependencies, including TensorFlow. After importing the 'EnglishNormalizer' class, raise the maximum string digit limit to a high value. Then create payloads of increasing length from repeated digit patterns and measure the execution time of the 'normalize_numbers()' method. Processing time grows non-linearly with payload length, demonstrating the vulnerability.

Remediation

Users can upgrade to Hugging Face Transformers version 4.53.0 or later, where this vulnerability has been fixed.
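For deployments that cannot upgrade immediately, the following added example (not code from the Transformers project) shows a defensive wrapper: it rejects inputs whose longest unbroken digit run exceeds a threshold before they reach the normalizer, and flags installed versions below the fixed 4.53.0. The threshold MAX_DIGIT_RUN and the injected `normalize` callable are assumptions; the real EnglishNormalizer is not imported here so the script runs without transformers installed.

```python
import re
from typing import Callable, Tuple

# From the advisory: CLVP's normalize_numbers() is fixed in 4.53.0.
FIXED_VERSION: Tuple[int, ...] = (4, 53, 0)

# Assumption: an upper bound on the digit-run length a legitimate English
# number needs; inputs above it are rejected before reaching the normalizer.
MAX_DIGIT_RUN = 18

_DIGIT_RUN = re.compile(r"\d+")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.52.4' (or '4.53.0.dev0') into a comparable tuple of ints."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if m is None:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True for any release before the fixed 4.53.0."""
    return parse_version(version) < FIXED_VERSION


def longest_digit_run(text: str) -> int:
    """Length of the longest unbroken sequence of digits in the input."""
    return max((len(m.group()) for m in _DIGIT_RUN.finditer(text)), default=0)


def guarded_normalize(text: str, normalize: Callable[[str], str],
                      max_run: int = MAX_DIGIT_RUN) -> str:
    """Reject oversized digit runs, then hand the text to `normalize`.

    `normalize` is the callable you would otherwise call directly, e.g. a bound
    EnglishNormalizer().normalize_numbers method (assumed, not imported here).
    """
    run = longest_digit_run(text)
    if run > max_run:
        raise ValueError(f"digit run of {run} exceeds limit of {max_run}")
    return normalize(text)


if __name__ == "__main__":
    # Constructed stand-in normalizer so the demo runs without transformers.
    print(guarded_normalize("order 12 of 345 units", str.upper))
    print(is_vulnerable_version("4.52.4"), is_vulnerable_version("4.53.0"))
```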

Added: Sep 14, 2025, 5:17 PM
Updated: Sep 14, 2025, 5:17 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 0.6
exploitability: 6.0
remediation: 7.7
relevance: 0.5
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.