vllm-project vllm
cpe:2.3:a:vllm:vllm:*:*:*:*:*:*:*
- 0.19.0
A denial-of-service vulnerability has been identified in vllm-project vllm version 0.19.0. The issue arises from an unknown processing flaw in the OpenAI-compatible Serving Path component, which can be exploited remotely. The vulnerability causes a significant increase in response times for co-scheduled requests, with some experiencing up to a 423-fold delay. This issue was discovered during fuzz testing and has a public exploit available. A pull request to address the vulnerability is pending acceptance.
Exploitation of this vulnerability leads to a denial-of-service condition, where affected requests experience drastically increased response times, causing delays in processing and potentially disrupting service.
The vulnerability can be reproduced by sending concurrent requests to the vLLM OpenAI API server, with one request using 'n_completions' set to 8 and 'logprobs' set to 20. This combination causes the server to block other co-scheduled requests for 9 to 11 seconds, while the request with 'n_completions' set to 8 completes its decoding within the expected time. The issue can be automated with a provided script that runs this scenario multiple times, demonstrating the consistent impact on request times.
Users can update to vllm version 0.19.1, where this issue has been fixed.