
GHSA-9hcf-v7m4-6m2j: vLLM allows clients to crash the openai server with invalid regex

CVSS Score (v3.1): 6.5

Basic Information

CVE ID: -
EPSS Score: -
Published: 5/28/2025
Updated: 5/28/2025
KEV Status: No
Technology: Python

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| vllm | pip | >= 0.8.0, < 0.9.0 | 0.9.0 |

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability (GHSA-9hcf-v7m4-6m2j) describes a denial of service in vLLM where providing an invalid regex during structured output generation could crash the server. The root cause is an unhandled exception originating from the xgrammar library when it attempts to parse or convert a schema derived from the invalid regex.

The primary vulnerable function identified is vllm.v1.structured_output.backend_xgrammar.validate_xgrammar_grammar. This function is called when the guided_decoding_backend is set to xgrammar or auto. Inside this function, a JSON schema (potentially derived from the user's regex input) is processed by xgr.Grammar.from_json_schema(schema). The commit 08bf7840780980c7568c573c70a6a8db94fd45ff shows that a try-except block was added around this specific call. This directly implies that, prior to the patch, exceptions raised by xgr.Grammar.from_json_schema due to malformed input (stemming from an invalid regex) were not caught within validate_xgrammar_grammar. This unhandled exception would then propagate, ultimately crashing the server.

The function vllm.v1.engine.processor._validate_structured_output was also modified to improve the robustness of its fallback mechanism (i.e., to validate grammar for the 'guidance' backend if 'xgrammar' fails). However, the direct cause of the crash, the unhandled exception from xgrammar processing, was addressed by the changes in validate_xgrammar_grammar. Therefore, validate_xgrammar_grammar is the key vLLM function that, due to missing error handling for the underlying library call, allowed the invalid regex to trigger a server crash.
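The failure mode described above, as an added illustration that is not vLLM's or xgrammar's own code: a stand-in for the backend call that validate_xgrammar_grammar makes (assumed, like xgr.Grammar.from_json_schema, to raise on unparsable input), the unguarded pre-patch shape in which that exception escapes, and the guarded shape that turns it into a ValueError the request loop already rejects as a client error.

```python
import re


class GrammarCompileError(Exception):
    """Stand-in for the exception the grammar backend raises on unparsable input."""


def xgrammar_compile(pattern: str) -> re.Pattern:
    """Hypothetical backend call; assumption: it raises its own exception type
    on invalid input, as xgr.Grammar.from_json_schema did for bad schemas."""
    try:
        return re.compile(pattern)
    except re.error as exc:
        raise GrammarCompileError(str(exc)) from exc


def validate_unguarded(params: dict) -> None:
    """Pre-patch shape: the backend exception propagates to the caller."""
    xgrammar_compile(params["regex"])


def validate_guarded(params: dict) -> None:
    """Patched shape: any backend failure becomes a ValueError, which the
    request loop treats as a client error instead of an unexpected exception."""
    try:
        xgrammar_compile(params["regex"])
    except Exception as exc:  # the library may raise types we cannot enumerate
        raise ValueError(f"invalid structured-output regex: {exc}") from exc


def handle_request(params: dict, validate) -> int:
    """Minimal request loop: ValueError maps to HTTP 400; anything else is
    unexpected and re-raised, which is what took the whole server down."""
    try:
        validate(params)
    except ValueError:
        return 400
    return 200


def escapes_loop(params: dict, validate) -> bool:
    """True when validation lets a non-ValueError exception reach the caller."""
    try:
        handle_request(params, validate)
    except Exception:
        return True
    return False


VALID = {"regex": r"[a-z]+@[a-z]+\.com"}   # constructed well-formed client input
INVALID = {"regex": "(unclosed"}           # constructed malformed client input
```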



### Impact

A denial of service bug caused the vLLM server to crash if an invalid regex was provided while using structured output. This vulnerability is similar to [GHSA-*q**-v*r*-**x*](https://github.com/vllm-project/vllm/security/advisories/GHSA-*
