Hugging Face's logo

paperboygold
/
gguf_grammar_dos

poc
security
dos
Model card Files
xet
Community

You need to agree to share your contact information to access this model

This repository is publicly accessible, but you have to accept the conditions to access its files and content.

Log in or Sign Up to review the conditions and access this model content.

GBNF Grammar DoS PoC

This repository contains a Proof of Concept (PoC) for a Denial of Service (DoS) vulnerability in llama.cpp's GBNF grammar parser.

Vulnerability

The GBNF parser in llama.cpp (prior to the fix) allows unlimited recursion when parsing nested parentheses. A grammar with deeply nested groups (e.g., ((...))) causes a stack overflow, crashing the application.

Files

  • dos.gbnf: A malicious grammar file containing 100,000 nested parentheses.

Reproduction

To reproduce the crash (on a vulnerable version):

./llama-cli -m your_model.gguf --grammar-file dos.gbnf -p "test"

Mitigation

This vulnerability is fixed by enforcing a recursion depth limit in llama_grammar_parser.

Downloads last month

-

Downloads are not tracked for this model. How to track
Inference Providers NEW
This model isn't deployed by any Inference Provider. 🙋 Ask for provider support