huggingface/transformers
cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*
- 4.52.4
A Regular Expression Denial-of-Service (ReDoS) vulnerability has been identified in the Hugging Face Transformers library in versions prior to 4.53.0. The issue resides in the AdamWeightDecay optimizer, whose '_do_use_weight_decay' method runs 're.search' with caller-supplied regular expressions from the 'include_in_weight_decay' and 'exclude_from_weight_decay' lists against each parameter name. A malicious pattern can cause catastrophic backtracking in that call, consuming excessive CPU and producing a denial-of-service condition. An attacker who can supply those regex patterns can therefore make machine learning tasks hang and disrupt service availability.
Exploitation consumes a full CPU core for as long as the match keeps backtracking, causing the affected machine learning task to hang and potentially rendering services that depend on it unresponsive.
The vulnerability can be reproduced with a Python script that uses TensorFlow and the Hugging Face Transformers library. The script defines a regex pattern crafted for catastrophic backtracking and a parameter name that triggers it, passes the pattern to the AdamWeightDecay optimizer through the 'create_optimizer' function, and then applies gradients to a variable with a matching name. Applying gradients invokes the vulnerable '_do_use_weight_decay' method for that variable and triggers the denial-of-service condition.
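The following is an added example, not code from the transformers project: it mirrors the selection logic that '_do_use_weight_decay' performs (re.search over the include and exclude lists, include winning over exclude) in a stand-alone function, and places beside it a hardened variant that validates and compiles every pattern once, where the optimizer is built, instead of running raw caller strings through re.search on each gradient step. The pathological pattern, the parameter names and the nested-quantifier check are constructed for this demonstration and are not the fix that shipped in 4.53.0.

```python
r"""Added example (not transformers' own code): the pre-4.53.0 decay-selection
logic mirrored stand-alone, plus a hardened variant that rejects patterns with
nested quantifiers before they ever reach re.search().  All inputs are
constructed; the static check is a heuristic of this example."""
import re
import time

try:  # the regex parser moved under re._parser in Python 3.11
    from re import _parser as sre_parse
except ImportError:  # pragma: no cover - Python < 3.11
    import sre_parse

MAX_PATTERN_LEN = 128  # assumption: decay patterns are short names like "LayerNorm"


def do_use_weight_decay_vulnerable(param_name, include, exclude):
    """Same control flow as the vulnerable method: re.search() runs on raw
    strings from the lists on every call, so a pathological pattern backtracks
    catastrophically against a parameter name that almost matches it."""
    for r in include:
        if re.search(r, param_name) is not None:
            return True
    for r in exclude:
        if re.search(r, param_name) is not None:
            return False
    return True


def has_nested_repeat(pattern):
    r"""Static check on the parsed regex: a quantifier whose operand itself
    contains a quantifier, e.g. (a+)+ or (\w+\s?)*, is the classic
    catastrophic-backtracking shape.  Heuristic only: it does not catch every
    super-linear regex (overlapping alternations, for instance)."""
    def walk(items, inside_repeat):
        for op, arg in items:
            if op in (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT):
                if inside_repeat:
                    return True
                if walk(arg[-1], True):  # arg == (min, max, subpattern)
                    return True
            elif op in (sre_parse.SUBPATTERN, sre_parse.ASSERT, sre_parse.ASSERT_NOT):
                if walk(arg[-1], inside_repeat):  # subpattern is the last item
                    return True
            elif op == sre_parse.BRANCH:
                for alt in arg[1]:  # arg == (None, [alternatives])
                    if walk(alt, inside_repeat):
                        return True
        return False

    return walk(sre_parse.parse(pattern), False)


def is_safe_pattern(pattern):
    """True when the pattern is short, syntactically valid and free of nested
    quantifiers; invalid patterns are rejected rather than deferred."""
    if len(pattern) > MAX_PATTERN_LEN:
        return False
    try:
        return not has_nested_repeat(pattern)
    except re.error:
        return False


class UnsafePattern(ValueError):
    """Raised at optimizer construction for a rejected decay pattern."""


def compile_decay_patterns(patterns):
    """Validate and compile once, where the optimizer is constructed, so a bad
    pattern fails loudly at start-up instead of stalling apply_gradients."""
    compiled = []
    for r in patterns:
        if not is_safe_pattern(r):
            raise UnsafePattern(f"rejecting weight-decay pattern {r!r}")
        compiled.append(re.compile(r))
    return compiled


def do_use_weight_decay_hardened(param_name, include, exclude):
    """Same decision as the original, over output of compile_decay_patterns()."""
    for rx in include:
        if rx.search(param_name) is not None:
            return True
    for rx in exclude:
        if rx.search(param_name) is not None:
            return False
    return True


if __name__ == "__main__":
    # Constructed inputs: a nested-quantifier pattern and a variable name that
    # matches it except for the final character, which forces backtracking.
    evil = r"(a+)+$"
    name = "a" * 20 + "!"
    t0 = time.perf_counter()
    do_use_weight_decay_vulnerable(name, [], [evil])
    print(f"vulnerable path took {time.perf_counter() - t0:.2f}s for 20 chars")
    try:
        compile_decay_patterns([evil])
    except UnsafePattern as exc:
        print("hardened path:", exc)
```

Lengthening the constructed name by one character roughly doubles the time the vulnerable path spends in re.search, which is why a single pattern can pin a core: the method runs for every trainable variable on every update. The static check is a filter rather than a proof; the stricter alternative, where callers only ever need substring matches, is to escape each entry with re.escape() so matching is linear in the name length.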
Users can upgrade to Hugging Face Transformers version 4.53.0 or later, where this vulnerability has been fixed.