Critical Buffa Rust Library 0-Day DoS Vulnerability in Anthropic
Key Takeaways
- A zero-day denial-of-service (DoS) vulnerability (CVE-2026-55407) has been discovered in Anthropic’s Rust-based protobuf implementation, Buffa.
- The flaw allows attackers to trigger unbounded heap allocation through specially crafted input, leading to out-of-memory conditions.
- The vulnerability impacts Buffa and connectrpc versions prior to 0.8.0, with a CVSS 4.0 score of 6.3 (Moderate), but real-world severity can escalate to High or Critical.
- Anthropic has released fixes in Buffa and connectrpc version 0.8.0, and a secondary mitigation involves disabling the preservation of unknown fields.
Anthropic’s Buffa Rust Library Suffers Critical 0-Day DoS Vulnerability
Anthropic’s Buffa, a Rust-based implementation for handling protobuf messages, has been identified with a zero-day denial-of-service (DoS) vulnerability. The critical flaw stems from an uncontrolled heap allocation mechanism when processing attacker-controlled input, potentially leading to system instability or crashes.
Designated as CVE-2026-55407 and GHSA-f9qc-qg88-7pq5, this vulnerability affects all versions of Buffa and connectrpc preceding 0.8.0. While initially rated as Moderate with a CVSS 4.0 score of 6.3, experts caution that its actual impact could be significantly higher, reaching High or Critical severity depending on the specific deployment environment and architecture.
Discovery and Technical Details
The vulnerability’s discovery originated from an analysis conducted by Endor Labs’ AI SAST engine, which flagged a suspicious data flow within Buffa’s unknown-field decoder during a routine codebase examination.
The core of the issue lies within the decode_unknown_field function. Here, a length value is extracted directly from untrusted protobuf wire data and subsequently converted into a usize. This value is then used to allocate a Vec<u8> without any explicit upper boundary beyond the fundamental type limits. Although a safeguard exists to ensure the buffer contains sufficient bytes, preventing out-of-bounds reads, it crucially fails to constrain the allocation size itself. This oversight creates an avenue for attackers to force substantial heap allocations by providing oversized length-delimited fields.
Initial assessments indicated an approximate 2x amplification ratio between input size and heap usage, a considerable but often manageable factor when strict input caps are in place. However, further investigation into the handling of WireType::StartGroup within the same function unveiled a far more dangerous amplification vector.
In this particular branch, the decoder iteratively processes nested unknown fields until it encounters a corresponding EndGroup tag. Each decoded field is then appended to an UnknownFields structure, which is backed by a Vec. Critically, the most economical nested field on the wire can be encoded using merely two bytes. Yet, each such field can trigger an approximate 40-byte heap allocation, compounded by growth overhead. This disparity allows a meticulously crafted group to inflate a relatively small input into an enormous in-memory structure.
Endor Labs’ proof-of-concept demonstrated the severity of this amplification. A protobuf payload of 64 MiB, containing millions of minimal varint fields embedded within a single unknown group, could escalate heap usage to approximately 1.4 GiB—an astounding 22 times the original input size. When this malicious message was decoded within a Docker container configured with a 256 MiB memory limit, the process was terminated with exit code 137, unequivocally confirming an out-of-memory DoS condition.
The vulnerable code path is directly accessible through Buffa’s default decoding APIs, including Message::decode and decode_from_slice. This means any service that processes untrusted protobuf messages with preserve_unknown_fields enabled (which is the default configuration) is potentially exposed to this vulnerability.
Mitigation and Broader Implications
Anthropic has promptly addressed the vulnerability, releasing fixes in Buffa and connectrpc version 0.8.0. These updates introduce a configurable per-message limit on unknown fields, effectively capping the maximum allocation overhead to manageable levels, typically tens of megabytes, even when confronted with hostile input.
For organizations unable to immediately upgrade, a temporary mitigation involves regenerating code with preserve_unknown_fields=false. This action disables the retention of unknown fields, thereby removing the primary data sink responsible for triggering the vulnerability.
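To make the two checks concrete, here is an added example written for this article (it is not Buffa's code, and the function names, error type and sample builder are my own): a minimal unknown-field decoder that confirms a length-delimited field's bytes are actually present before allocating for them, and charges every retained unknown field, including those nested inside a group, against a single per-message budget in the spirit of the per-message limit described above.

```rust
// Added example, not Buffa's code. Wire types: 0 varint, 2 length-delimited, 3 StartGroup, 4 EndGroup.
use std::convert::TryFrom;
#[derive(Debug, PartialEq)] pub enum DecodeError { Truncated, Malformed, TooManyUnknownFields }
#[derive(Debug)] pub enum Unknown { Varint(u64), Bytes(Vec<u8>), Group(Vec<Unknown>) }

fn read_varint(buf: &[u8], pos: &mut usize) -> Result<u64, DecodeError> {
    let mut v = 0u64;
    for shift in (0..64).step_by(7) {
        let b = *buf.get(*pos).ok_or(DecodeError::Truncated)?; *pos += 1;
        v |= u64::from(b & 0x7f) << shift;
        if b & 0x80 == 0 { return Ok(v); }
    }
    Err(DecodeError::Malformed) // more than 10 bytes is not a valid varint
}

// `budget` is the per-message cap on retained unknown fields; it is shared by every nesting level,
// so a group packed with 2-byte fields is bounded by it as well (and so is group depth).
fn decode_unknown(buf: &[u8], pos: &mut usize, end_field: Option<u64>,
                  budget: &mut usize) -> Result<Vec<Unknown>, DecodeError> {
    let mut out = Vec::new();
    while *pos < buf.len() {
        let tag = read_varint(buf, pos)?;
        let (field, wire) = (tag >> 3, tag & 7);
        if wire == 4 { // EndGroup must close the group we are currently inside
            return if Some(field) == end_field { Ok(out) } else { Err(DecodeError::Malformed) };
        }
        if *budget == 0 { return Err(DecodeError::TooManyUnknownFields); }
        *budget -= 1;
        out.push(match wire {
            0 => Unknown::Varint(read_varint(buf, pos)?),
            2 => { // verify the bytes exist BEFORE allocating, so the allocation never exceeds the input size
                let len = usize::try_from(read_varint(buf, pos)?).map_err(|_| DecodeError::Truncated)?;
                let start = *pos;
                *pos = start.checked_add(len).filter(|&e| e <= buf.len()).ok_or(DecodeError::Truncated)?;
                Unknown::Bytes(buf[start..*pos].to_vec())
            }
            3 => Unknown::Group(decode_unknown(buf, pos, Some(field), budget)?),
            _ => return Err(DecodeError::Malformed),
        });
    }
    if end_field.is_some() { Err(DecodeError::Truncated) } else { Ok(out) }
}

pub fn decode_with_limit(buf: &[u8], mut max_unknown: usize) -> Result<Vec<Unknown>, DecodeError> {
    decode_unknown(buf, &mut 0, None, &mut max_unknown)
}

pub fn sample_group(n: usize) -> Vec<u8> { // constructed sample: a group on field 1 holding n 2-byte fields
    let mut v = vec![0x0b]; // field 1, StartGroup
    for _ in 0..n { v.extend_from_slice(&[0x10, 0x00]); } // field 2, varint 0
    v.push(0x0c); v // field 1, EndGroup
}
```

Because each StartGroup also consumes one unit of the budget, recursion depth is bounded by the same limit, which is worth keeping in mind when choosing its value.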
This discovery underscores a critical lesson: relying solely on input-size caps is insufficient to prevent DoS attacks, as complex amplification pathways, like the group amplification identified here, can transform a seemingly safe message size into a process-fatal allocation. The case also highlights the evolving role of AI-driven SAST engines in uncovering sophisticated, logic-level DoS vulnerabilities in memory-safe languages like Rust by effectively tracing untrusted data flows from their source to the heap allocation sink, moving beyond conventional pattern-based checks.
The coordinated disclosure between Endor Labs and Anthropic emphasizes the ongoing necessity for advanced data-flow-aware analysis, even within “safe” programming languages, particularly for high-assurance components integral to cutting-edge AI systems.
What You Should Do
- Upgrade Immediately: Update your Buffa and connectrpc dependencies to version 0.8.0 or later to apply the official patches.
- Implement Temporary Mitigation: If immediate upgrade is not feasible, regenerate your code with preserve_unknown_fields=false to disable the retention of unknown fields, thereby mitigating the primary attack vector.
- Review Input Validation: While not a complete fix, strengthen input validation mechanisms to limit the size and complexity of untrusted protobuf messages processed by your applications.
- Monitor for OOM Events: Implement robust monitoring for out-of-memory (OOM) events in services that decode protobuf messages, especially those exposed to external input.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.