CWE-674
Allowed-with-ReviewUncontrolled Recursion
Abstraction: Class · Status: Draft
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
616 vulnerabilities reference this CWE, most recent first.
GHSA-7C85-87CP-MR6G
Vulnerability from github – Published: 2025-05-10 15:30 – Updated: 2025-10-15 16:12A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python's recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "llama-index"
},
"ranges": [
{
"events": [
{
"introduced": "0.12.15"
},
{
"fixed": "0.12.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-1752"
],
"database_specific": {
"cwe_ids": [
"CWE-400",
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-12T20:16:19Z",
"nvd_published_at": "2025-05-10T14:15:32Z",
"severity": "HIGH"
},
"details": "A Denial of Service (DoS) vulnerability has been identified in the KnowledgeBaseWebReader class of the run-llama/llama_index project, affecting version ~ latest(v0.12.15). The vulnerability arises due to inappropriate secure coding measures, specifically the lack of proper implementation of the max_depth parameter in the get_article_urls function. This allows an attacker to exhaust Python\u0027s recursion limit through repeated function calls, leading to resource consumption and ultimately crashing the Python process.",
"id": "GHSA-7c85-87cp-mr6g",
"modified": "2025-10-15T16:12:12Z",
"published": "2025-05-10T15:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1752"
},
{
"type": "WEB",
"url": "https://github.com/run-llama/llama_index/commit/3c65db2947271de3bd1927dc66a044da385de4da"
},
{
"type": "PACKAGE",
"url": "https://github.com/run-llama/llama_index"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/cd7b9082-7d75-42e4-84f5-dbee23cbc467"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "LlamaIndex Vulnerable to Denial of Service (DoS)"
}
GHSA-7GCJ-M465-HXG8
Vulnerability from github – Published: 2025-08-06 15:31 – Updated: 2025-08-06 15:31NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-23325"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-06T13:15:40Z",
"severity": "HIGH"
},
"details": "NVIDIA Triton Inference Server for Windows and Linux contains a vulnerability where an attacker could cause uncontrolled recursion through a specially crafted input. A successful exploit of this vulnerability might lead to denial of service.",
"id": "GHSA-7gcj-m465-hxg8",
"modified": "2025-08-06T15:31:25Z",
"published": "2025-08-06T15:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23325"
},
{
"type": "WEB",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5687"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23325"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7GCM-G887-7QV7
Vulnerability from github – Published: 2026-01-23 15:31 – Updated: 2026-02-05 15:47A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.
Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.33.4"
},
"package": {
"ecosystem": "PyPI",
"name": "protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "6.30.0rc1"
},
{
"fixed": "6.33.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "protobuf"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.29.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-0994"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-23T16:56:33Z",
"nvd_published_at": "2026-01-23T15:16:06Z",
"severity": "HIGH"
},
"details": "A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.\n\nDue to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python\u2019s recursion stack and causing a RecursionError.",
"id": "GHSA-7gcm-g887-7qv7",
"modified": "2026-02-05T15:47:43Z",
"published": "2026-01-23T15:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/issues/25070"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/pull/25239"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf"
},
{
"type": "WEB",
"url": "https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b"
},
{
"type": "PACKAGE",
"url": "https://github.com/protocolbuffers/protobuf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"type": "CVSS_V4"
}
],
"summary": "protobuf affected by a JSON recursion depth bypass"
}
GHSA-7HPJ-7HHX-2FGX
Vulnerability from github – Published: 2023-12-28 21:16 – Updated: 2024-01-10 18:34Impact
When decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.
Patches
The fix is available in v1.10.1
Workarounds
Exploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.
References
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "msgpackr"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-52079"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-28T21:16:20Z",
"nvd_published_at": "2023-12-28T16:16:01Z",
"severity": "HIGH"
},
"details": "### Impact\nWhen decoding user supplied MessagePack messages, users can trigger stuck threads by crafting messages that keep the decoder stuck in a loop.\n\n### Patches\nThe fix is available in v1.10.1\n\n### Workarounds\nExploits seem to require structured cloning, replacing the 0x70 extension with your own (that throws an error or does something other than recursive referencing) should mitigate the issue.\n\n### References",
"id": "GHSA-7hpj-7hhx-2fgx",
"modified": "2024-01-10T18:34:21Z",
"published": "2023-12-28T21:16:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/kriszyp/msgpackr/security/advisories/GHSA-7hpj-7hhx-2fgx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52079"
},
{
"type": "WEB",
"url": "https://github.com/kriszyp/msgpackr/commit/18f44f8800e2261341cdf489d1ba1e35a0133602"
},
{
"type": "PACKAGE",
"url": "https://github.com/kriszyp/msgpackr"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "msgpackr\u0027s conversion of property names to strings can trigger infinite recursion"
}
GHSA-7HQX-W6MQ-G592
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-02-03 03:30check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.
{
"affected": [],
"aliases": [
"CVE-2019-15118"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-16T14:15:00Z",
"severity": "MODERATE"
},
"details": "check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.",
"id": "GHSA-7hqx-w6mq-g592",
"modified": "2024-02-03T03:30:26Z",
"published": "2022-05-24T16:53:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15118"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=19bce474c45be69a284ecee660aa12d8f1e88f18"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/20190815043554.16623-1-benquike%40gmail.com"
},
{
"type": "WEB",
"url": "https://lore.kernel.org/lkml/20190815043554.16623-1-benquike@gmail.com"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Nov/11"
},
{
"type": "WEB",
"url": "https://seclists.org/bugtraq/2019/Sep/41"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190905-0002"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4147-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4162-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4162-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4163-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4163-2"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4531"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/155212/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7JJC-F4W2-6G7W
Vulnerability from github – Published: 2024-04-03 00:30 – Updated: 2024-04-03 00:30In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
{
"affected": [],
"aliases": [
"CVE-2024-3248"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T23:15:55Z",
"severity": "LOW"
},
"details": "In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.\n",
"id": "GHSA-7jjc-f4w2-6g7w",
"modified": "2024-04-03T00:30:56Z",
"published": "2024-04-03T00:30:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3248"
},
{
"type": "WEB",
"url": "https://forum.xpdfreader.com/viewtopic.php?t=43657"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-7PMH-VRWW-25XX
Vulnerability from github – Published: 2024-08-30 18:43 – Updated: 2024-08-30 18:43Impact
A directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users.
Patches
This has been fixed in this commit by limiting the recursion to 500 directories: https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143
This issue was discovered by Hanno Böck.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "freewvs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-15101"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-30T18:43:23Z",
"nvd_published_at": "2020-07-14T22:15:00Z",
"severity": "LOW"
},
"details": "### Impact\nA directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python\u0027s recursion limit and os.walk(). This can be problematic in a case where an administrator scans the dirs of potentially untrusted users.\n\n### Patches\nThis has been fixed in this commit by limiting the recursion to 500 directories:\nhttps://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143\n\nThis issue was discovered by Hanno B\u00f6ck.",
"id": "GHSA-7pmh-vrww-25xx",
"modified": "2024-08-30T18:43:23Z",
"published": "2024-08-30T18:43:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/schokokeksorg/freewvs/security/advisories/GHSA-7pmh-vrww-25xx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15101"
},
{
"type": "WEB",
"url": "https://github.com/schokokeksorg/freewvs/commit/83a6b55c0435c69f447488b791555e6078803143"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/freewvs/PYSEC-2020-233.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/schokokeksorg/freewvs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "freewvs\u0027s nested directory structure can interrupt scan"
}
GHSA-7PWF-JG34-HXWP
Vulnerability from github – Published: 2022-05-20 16:58 – Updated: 2022-05-20 16:58The kustomize-controller enables the use of Kustomize’s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use a specially crafted kustomization.yaml to cause Denial of Service at controller level.
In multi-tenancy deployments this can lead to multiple tenants not being able to apply their Kustomizations until the malicious kustomization.yaml is removed and the controller restarted.
Impact
Within the affected versions, users with write access to a Flux source are able to craft a malicious kustomization.yaml file which causes the controller to enter an endless loop.
Patches
This vulnerability was fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0 released on 2022-04-20. The changes introduce better handling of Kustomization files blocking references that could lead to endless loops.
Credits
The Flux engineering team found and patched this vulnerability.
For more information
If you have any questions or comments about this advisory please open an issue in the flux2 repository.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/fluxcd/kustomize-controller"
},
"ranges": [
{
"events": [
{
"introduced": "0.16.0"
},
{
"fixed": "0.24.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/fluxcd/flux2"
},
"ranges": [
{
"events": [
{
"introduced": "0.19.0"
},
{
"fixed": "0.29.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24878"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-20T16:58:38Z",
"nvd_published_at": "2022-05-06T02:15:00Z",
"severity": "HIGH"
},
"details": "The kustomize-controller enables the use of Kustomize\u2019s functionality when applying Kubernetes declarative state onto a cluster. A malicious user can use a specially crafted `kustomization.yaml` to cause Denial of Service at controller level.\n\nIn multi-tenancy deployments this can lead to multiple tenants not being able to apply their Kustomizations until the malicious `kustomization.yaml` is removed and the controller restarted.\n\n### Impact\n\nWithin the affected versions, users with write access to a Flux source are able to craft a malicious `kustomization.yaml` file which causes the controller to enter an endless loop.\n\n### Patches\n\nThis vulnerability was fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0 released on 2022-04-20. The changes introduce better handling of Kustomization files blocking references that could lead to endless loops.\n\n### Credits\n\nThe Flux engineering team found and patched this vulnerability.\n\n### For more information\n\nIf you have any questions or comments about this advisory please open an issue in the [flux2 repository](http://github.com/fluxcd/flux2).",
"id": "GHSA-7pwf-jg34-hxwp",
"modified": "2022-05-20T16:58:38Z",
"published": "2022-05-20T16:58:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fluxcd/flux2/security/advisories/GHSA-7pwf-jg34-hxwp"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24878"
},
{
"type": "PACKAGE",
"url": "https://github.com/fluxcd/flux2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Improper path handling in Kustomization files allows for denial of service"
}
GHSA-7R4M-G29Q-QF8V
Vulnerability from github – Published: 2024-11-11 00:30 – Updated: 2024-11-19 21:31In Faust 2.23.1, an input file with the lines "// r visualisation tCst" and "//process = +: L: abM-^Q;" and "process = route(3333333333333333333,2,1,2,3,1) : *;" leads to stack consumption.
{
"affected": [],
"aliases": [
"CVE-2021-41737"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-10T23:15:04Z",
"severity": "HIGH"
},
"details": "In Faust 2.23.1, an input file with the lines \"// r visualisation tCst\" and \"//process = +: L: abM-^Q;\" and \"process = route(3333333333333333333,2,1,2,3,1) : *;\" leads to stack consumption.",
"id": "GHSA-7r4m-g29q-qf8v",
"modified": "2024-11-19T21:31:30Z",
"published": "2024-11-11T00:30:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41737"
},
{
"type": "WEB",
"url": "https://github.com/grame-cncm/faust/issues/653"
},
{
"type": "WEB",
"url": "https://github.com/grame-cncm/faust/tree/e682dbeeb7cc0ec9a1fcb6872f53433e454aa233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7RGV-GQHR-FXG3
Vulnerability from github – Published: 2026-03-05 18:20 – Updated: 2026-03-05 20:42Summary
The multi-level nested syntax caused a segmentation fault (core dump).
Details
A trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses.
PoC
#!/usr/bin/env python3
"""
XGrammar - Math Expression Generation Example
"""
import xgrammar as xgr
import torch
from transformers import AutoModelForCausalLM, AutoTokenizer, AutoConfig
s = '(' * 30000 + 'a'
grammar = f"root ::= {s}"
def main():
device = "cuda" if torch.cuda.is_available() else "cpu"
model_name = "Qwen/Qwen2.5-0.5B-Instruct"
# Load model
model = AutoModelForCausalLM.from_pretrained(
model_name,
torch_dtype=torch.float16 if device == "cuda" else torch.float32,
device_map=device
)
tokenizer = AutoTokenizer.from_pretrained(model_name)
config = AutoConfig.from_pretrained(model_name)
# Math expression grammar
math_grammar = grammar
# Setup
tokenizer_info = xgr.TokenizerInfo.from_huggingface(
tokenizer,
vocab_size=config.vocab_size
)
compiler = xgr.GrammarCompiler(tokenizer_info)
compiled_grammar = compiler.compile_grammar(math_grammar)
# Generate
prompt = "Math: "
inputs = tokenizer(prompt, return_tensors="pt").to(device)
xgr_processor = xgr.contrib.hf.LogitsProcessor(compiled_grammar)
output_ids = model.generate(
**inputs,
max_new_tokens=50,
logits_processor=[xgr_processor]
)
result = tokenizer.decode(
output_ids[0][len(inputs.input_ids[0]):],
skip_special_tokens=True
)
print(f"Generated expression: {result}")
if __name__ == "__main__":
main()
> pip show xgrammar
Name: xgrammar
Version: 0.1.31
Summary: Efficient, Flexible and Portable Structured Generation
Home-page:
Author: MLC Team
Author-email:
License: Apache 2.0
Location: /home/yuelinwang/.local/lib/python3.10/site-packages
Requires: numpy, pydantic, torch, transformers, triton, typing-extensions
Required-by:
> python3 1.py
`torch_dtype` is deprecated! Use `dtype` instead!
Segmentation fault (core dumped)
Impact
DoS
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.1.31"
},
"package": {
"ecosystem": "PyPI",
"name": "xgrammar"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.1.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25048"
],
"database_specific": {
"cwe_ids": [
"CWE-674"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-05T18:20:08Z",
"nvd_published_at": "2026-03-05T16:16:15Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThe multi-level nested syntax caused a segmentation fault (core dump).\n\n\n### Details\n\nA trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses.\n\n### PoC\n\n```\n#!/usr/bin/env python3\n\"\"\"\nXGrammar - Math Expression Generation Example\n\"\"\"\n\nimport xgrammar as xgr\nimport torch\nfrom transformers import AutoModelForCausalLM, AutoTokenizer, AutoConfig\n\ns = \u0027(\u0027 * 30000 + \u0027a\u0027\ngrammar = f\"root ::= {s}\"\n\ndef main():\n device = \"cuda\" if torch.cuda.is_available() else \"cpu\"\n model_name = \"Qwen/Qwen2.5-0.5B-Instruct\"\n \n # Load model\n model = AutoModelForCausalLM.from_pretrained(\n model_name,\n torch_dtype=torch.float16 if device == \"cuda\" else torch.float32,\n device_map=device\n )\n tokenizer = AutoTokenizer.from_pretrained(model_name)\n config = AutoConfig.from_pretrained(model_name)\n \n # Math expression grammar\n math_grammar = grammar\n \n # Setup\n tokenizer_info = xgr.TokenizerInfo.from_huggingface(\n tokenizer,\n vocab_size=config.vocab_size\n )\n compiler = xgr.GrammarCompiler(tokenizer_info)\n compiled_grammar = compiler.compile_grammar(math_grammar)\n \n # Generate\n prompt = \"Math: \"\n inputs = tokenizer(prompt, return_tensors=\"pt\").to(device)\n \n xgr_processor = xgr.contrib.hf.LogitsProcessor(compiled_grammar)\n \n output_ids = model.generate(\n **inputs,\n max_new_tokens=50,\n logits_processor=[xgr_processor]\n )\n \n result = tokenizer.decode(\n output_ids[0][len(inputs.input_ids[0]):],\n skip_special_tokens=True\n )\n \n print(f\"Generated expression: {result}\")\n\nif __name__ == \"__main__\":\n main()\n```\n\n\n\n```\n\u003e pip show xgrammar\nName: xgrammar\nVersion: 0.1.31\nSummary: Efficient, Flexible and Portable Structured Generation\nHome-page: \nAuthor: MLC Team\nAuthor-email: \nLicense: Apache 2.0\nLocation: /home/yuelinwang/.local/lib/python3.10/site-packages\nRequires: numpy, pydantic, torch, transformers, triton, typing-extensions\nRequired-by: \n\n\u003e python3 1.py \n`torch_dtype` is deprecated! Use `dtype` instead!\nSegmentation fault (core dumped)\n```\n\n\n### Impact\n\nDoS",
"id": "GHSA-7rgv-gqhr-fxg3",
"modified": "2026-03-05T20:42:15Z",
"published": "2026-03-05T18:20:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25048"
},
{
"type": "PACKAGE",
"url": "https://github.com/mlc-ai/xgrammar"
},
{
"type": "WEB",
"url": "https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "xgrammar vulnerable to DoS via multi-layer nesting"
}
Mitigation
Ensure that an end condition will be reached under all logic conditions. The end condition may include checking against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.
Mitigation
Increase the stack size.
CAPEC-230: Serialized Data with Nested Payloads
Applications often need to transform data in and out of a data format (e.g., XML and YAML) by using a parser. It may be possible for an adversary to inject data that may have an adverse effect on the parser when it is being processed. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. By nesting these structures, causing the data to be repeatedly substituted, an adversary can cause the parser to consume more resources while processing, causing excessive memory consumption and CPU utilization.
CAPEC-231: Oversized Serialized Data Payloads
An adversary injects oversized serialized data payloads into a parser during data processing to produce adverse effects upon the parser such as exhausting system resources and arbitrary code execution.