vllm - Regular Expression Denial of Service in Multiple Components

An attacker sends crafted input containing nested or repeated structures — such as deeply nested parentheses, repeated brackets, or long strings with repeated patterns — to any endpoint that processes the vulnerable regexes. The regex engine's catastrophic backtracking causes severe CPU consumption and performance degradation, leading to denial of service [CWE-1333]. The advisory notes that the benchmark file is used for correctness checking but should still handle abnormal inputs carefully [ref_id=1].

The vulnerable regex patterns are located in `vllm/lora/utils.py` (line 173), `vllm/entrypoints/openai/tool_parsers/phi4mini_tool_parser.py` (line 52), `vllm/entrypoints/openai/serving_chat.py` (line 351), and `benchmarks/benchmark_serving_structured_output.py` (line 650). Each pattern uses non-greedy or greedy `.*` inside groups, making them susceptible to catastrophic backtracking on crafted input [ref_id=1].

The advisory recommends limiting input string length, using non-recursive matching approaches, imposing length constraints on matched content, and preferring structured parsing (e.g., JSON parsing) over regex for extracting structured data [ref_id=1]. The fix is referenced as pull request #18454, though the advisory does not detail the exact code changes in that PR [ref_id=1].