xgrammar: Multi-layer nesting causes DoS #497289

@nixpkgs-security-tracker

Description

xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This issue has been patched in version 0.1.32.

Affected packages
  • python312Packages.xgrammar (0.1.24@nixos-25.11)
  • python313Packages.xgrammar (0.1.24@nixos-25.11, 0.1.31@nixos-unstable)
  • python314Packages.xgrammar (0.1.31@nixos-unstable)
  • pkgsRocm.python3Packages.xgrammar (0.1.24@nixos-25.11, 0.1.31@nixos-unstable)

Additional comment

Upstream advisory: https://github.com/mlc-ai/xgrammar/security/advisories/GHSA-7rgv-gqhr-fxg3

Labels: 1.severity: security
