sgl-project SGLang
- <= 0.5.11
A denial-of-service vulnerability affects SGLang versions up to and including 0.5.11, in the data_hash function of the Cache Handler component. The attack vector is local and the attack complexity is rated high; the issue has been publicly disclosed and is exploitable. The root cause is hash collisions in the multimodal embedding cache: distinct inputs can map to the same cache key, which leads to embedding corruption, inconsistent cache state across processes, and request crashes.
Exploitation has two effects. The first is denial of service: the request path crashes with a TypeError. The second is deterministic cache poisoning: different multimodal inputs resolve to the same cache key and overwrite each other's cached embedding, so the server returns silently incorrect output for one of them.
The vulnerability can be reproduced with a script that calls data_hash and tensor_hash on distinct inputs and shows that they return the same hash value, which is what produces the cache collisions. The reproduction was performed with Python 3.10.12 and the current SGLang release.
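The following is an added example, not the reporter's reproduction script and not SGLang's code. It models the described failure mode under one assumption that the page does not state explicitly: that the cache key is derived from the raw payload bytes alone, without committing to shape, dtype or the boundaries between tensors. Tensors are represented as (shape, dtype, bytes) tuples so the script runs without torch. weak_key shows three structurally different inputs colliding and one overwriting another's cached embedding; strong_key is a hardened key using length-prefix framing, under which the same inputs are distinct. The class and function names are illustrative.

```python
import hashlib
import struct


# A "tensor" is modelled as (shape, dtype, raw little-endian bytes) so the
# example needs no torch or numpy. All records below are constructed sample
# data, not real model inputs.
def make_f32(shape, values):
    return (tuple(shape), "float32", struct.pack("<%df" % len(values), *values))


def weak_key(tensors):
    """Weak cache key (assumed model of the reported flaw, not SGLang's code):
    hash only the concatenated raw bytes. Shape, dtype and the boundaries
    between tensors are dropped, so inputs that differ only in those collide."""
    h = hashlib.sha256()
    for _shape, _dtype, data in tensors:
        h.update(data)
    return int.from_bytes(h.digest()[:8], "big")


def strong_key(tensors):
    """Hardened key: commit to the tensor count, then for each tensor its
    dtype, rank, shape and byte length before the payload (length-prefix
    framing). No two structurally different inputs serialize to the same
    byte stream, so they cannot share a key."""
    h = hashlib.sha256()
    h.update(struct.pack(">I", len(tensors)))
    for shape, dtype, data in tensors:
        dt = dtype.encode()
        h.update(struct.pack(">I", len(dt)))
        h.update(dt)
        h.update(struct.pack(">I", len(shape)))
        for dim in shape:
            h.update(struct.pack(">Q", dim))
        h.update(struct.pack(">Q", len(data)))
        h.update(data)
    return int.from_bytes(h.digest()[:8], "big")


class EmbeddingCache:
    """Minimal key-function -> embedding cache standing in for the multimodal
    embedding cache; not SGLang's implementation."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.store = {}

    def put(self, tensors, embedding):
        self.store[self.key_fn(tensors)] = embedding

    def get(self, tensors):
        return self.store.get(self.key_fn(tensors))


# Three distinct inputs whose concatenated payload bytes are identical.
IMAGE_2x3 = [make_f32((2, 3), [1, 2, 3, 4, 5, 6])]
IMAGE_3x2 = [make_f32((3, 2), [1, 2, 3, 4, 5, 6])]  # same bytes, other shape
TWO_IMAGES = [make_f32((3,), [1, 2, 3]), make_f32((3,), [4, 5, 6])]  # same bytes, split in two


def demo():
    """Return (weak keys collide, weak lookup of TWO_IMAGES after caching
    IMAGE_2x3, strong keys all distinct, strong lookup of TWO_IMAGES)."""
    weak = EmbeddingCache(weak_key)
    weak.put(IMAGE_2x3, "embedding-of-2x3-image")
    strong = EmbeddingCache(strong_key)
    strong.put(IMAGE_2x3, "embedding-of-2x3-image")

    weak_collides = weak_key(IMAGE_2x3) == weak_key(IMAGE_3x2) == weak_key(TWO_IMAGES)
    strong_distinct = (
        len({strong_key(IMAGE_2x3), strong_key(IMAGE_3x2), strong_key(TWO_IMAGES)}) == 3
    )
    # Under the weak key the second input silently receives the first input's
    # embedding (cache poisoning); under the strong key it is a cache miss.
    return weak_collides, weak.get(TWO_IMAGES), strong_distinct, strong.get(TWO_IMAGES)


if __name__ == "__main__":
    print(demo())
```

The design point is that a cache key must be a collision-resistant function of everything that determines the cached value, including the layout of the input, not just its bytes; framing each field with its length is what keeps concatenation unambiguous. Truncating the digest to 64 bits, as both keys do here, is a separate consideration: it makes accidental collisions negligible but not impossible, so a cache that must never serve a wrong entry should keep the full digest.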
A pull request to fix this vulnerability is currently open and awaiting acceptance.