Anthropic’s Buffa Rust Library 0-Day Vulnerability Enables DoS Attack

Jul 01, 2026 · 3 min read
Anthropic’s Rust-based protobuf implementation, buffa, has been found vulnerable to a denial-of-service (DoS) condition caused by unbounded heap allocation on attacker-controlled input: the decoder retains unknown fields in memory with no limit, so a hostile message can drive heap usage far beyond its own size on the wire.

The flaw, now tracked as CVE-2026-55407 and GHSA-f9qc-qg88-7pq5, affects buffa and connectrpc versions before 0.8.0 and carries a CVSS 4.0 base score of 6.3 (Moderate). The real-world impact can reach High or Critical, however, where the decoder sits on a network boundary and accepts untrusted messages, since a single message is enough to take down the whole process.

The vulnerability was originally identified when Endor Labs’ AI SAST engine analyzed buffa’s codebase and flagged a suspicious data flow in the unknown-field decoder.

In the decode_unknown_field function, a length value is parsed directly from untrusted protobuf wire data, converted to a usize, and used to allocate a Vec<u8> with no upper bound beyond the limits of the usize type itself.

A guard ensures the remaining buffer contains at least len bytes, which prevents out-of-bounds reads, but it does not constrain the allocation itself, so an attacker can force a large heap allocation by supplying an oversized length-delimited field.

Initial review of this path suggested a roughly 2x amplification between input size and heap usage, which is significant but often manageable under strict input caps.

However, following the same function one branch further into the handling of WireType::StartGroup revealed a far more dangerous amplification vector.

In this branch, the decoder loops over nested unknown fields until it encounters a matching EndGroup tag, pushing each decoded field into a Vec-backed UnknownFields structure.

Because the cheapest nested field on the wire can be encoded in just two bytes, yet each one results in an approximately 40-byte heap allocation plus Vec growth overhead, a carefully crafted group can expand a relatively small input into a huge in-memory structure.

Endor Labs’ proof-of-concept demonstrated that a 64 MiB protobuf payload containing millions of minimal varint fields within a single unknown group could drive heap usage to around 1.4 GiB, about 22 times the input size.

When executed inside a Docker container with a 256 MiB memory limit, decoding such a message caused the process to be killed with exit code 137 (128 + SIGKILL, the signal the kernel’s OOM killer delivers), confirming an out-of-memory DoS.

Crucially, the vulnerable code path is reachable via buffa’s default decoding APIs, including Message::decode and decode_from_slice, which means any service that decodes untrusted protobuf messages with preserve_unknown_fields enabled (the default) is potentially exposed.

Anthropic has released fixes in buffa and connectrpc version 0.8.0, implementing a configurable per-message limit on unknown fields that caps the maximum allocation overhead at roughly tens of megabytes, even under hostile input.
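To make the two code paths concrete, here is an added example in Rust, written for this article and not taken from buffa or from Endor Labs’ proof-of-concept. It is a toy unknown-field decoder for the protobuf wire format that shows the unbounded pre-0.8.0 shape beside a per-message cap. Everything in it is an assumption for illustration: the type and function names (`decode_unbounded`, `decode_capped`, `hostile_group`), the cap expressed as a count of retained entries rather than whatever buffa 0.8.0 actually configures, and the two-byte field encoding used to build the hostile group (tag 0x10 for field 2 as a varint, value 0x00).

```rust
use std::convert::TryFrom;
/// A retained unknown field; `Group` is the Vec-backed structure the group path fills.
#[derive(Debug, Clone, PartialEq)]
enum UnknownValue { Varint(u64), Bytes(Vec<u8>), Group(Vec<UnknownField>) }
#[derive(Debug, Clone, PartialEq)]
struct UnknownField { number: u32, value: UnknownValue }
#[derive(Debug, PartialEq)]
enum DecodeError { Truncated, Malformed, TooManyUnknownFields { limit: usize } }

/// Read one base-128 varint (at most 10 bytes carry a u64).
fn read_varint(buf: &[u8], pos: &mut usize) -> Result<u64, DecodeError> {
    let (mut value, mut shift) = (0u64, 0u32);
    loop {
        let b = *buf.get(*pos).ok_or(DecodeError::Truncated)?;
        *pos += 1;
        if shift >= 64 { return Err(DecodeError::Malformed); }
        value |= u64::from(b & 0x7f) << shift;
        if b & 0x80 == 0 { return Ok(value); }
        shift += 7;
    }
}

/// `limit: None` mirrors the unbounded pre-0.8.0 shape; `Some(n)` is a per-message
/// cap (an assumed design for illustration, not buffa's actual API).
struct Decoder<'a> { buf: &'a [u8], pos: usize, limit: Option<usize>, retained: usize }
impl<'a> Decoder<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], DecodeError> {
        let end = self.pos.checked_add(n).filter(|&e| e <= self.buf.len());
        let bytes = &self.buf[self.pos..end.ok_or(DecodeError::Truncated)?];
        self.pos += n;
        Ok(bytes)
    }

    /// The budget is per message, not per group: fields nested inside a StartGroup
    /// draw it down exactly like top-level ones, which is where the amplification lives.
    fn push(&mut self, out: &mut Vec<UnknownField>, f: UnknownField) -> Result<(), DecodeError> {
        if let Some(limit) = self.limit {
            if self.retained >= limit { return Err(DecodeError::TooManyUnknownFields { limit }); }
        }
        self.retained += 1;
        out.push(f);
        Ok(())
    }

    /// Decode until end of input (top level) or the matching EndGroup tag.
    fn decode_fields(&mut self, group: Option<u32>) -> Result<Vec<UnknownField>, DecodeError> {
        let mut fields = Vec::new();
        while self.pos < self.buf.len() {
            let tag = read_varint(self.buf, &mut self.pos)?;
            let number = u32::try_from(tag >> 3).map_err(|_| DecodeError::Malformed)?;
            if number == 0 { return Err(DecodeError::Malformed); }
            let wire_type = tag & 7;
            let value = match wire_type {
                0 => UnknownValue::Varint(read_varint(self.buf, &mut self.pos)?),
                1 | 5 => UnknownValue::Bytes(self.take(if wire_type == 1 { 8 } else { 4 })?.to_vec()),
                2 => {
                    // Bounds-check before copying, so the copy never exceeds the bytes present (the ~2x path).
                    let len = usize::try_from(read_varint(self.buf, &mut self.pos)?).map_err(|_| DecodeError::Truncated)?;
                    UnknownValue::Bytes(self.take(len)?.to_vec())
                }
                // Each nested field costs 2 wire bytes but a whole entry in `fields`.
                3 => UnknownValue::Group(self.decode_fields(Some(number))?),
                4 if group == Some(number) => return Ok(fields),
                _ => return Err(DecodeError::Malformed),
            };
            self.push(&mut fields, UnknownField { number, value })?;
        }
        // Input ran out inside a group, so its EndGroup tag is missing.
        if group.is_some() { Err(DecodeError::Truncated) } else { Ok(fields) }
    }
}

/// Pre-0.8.0 shape (no cap) beside the fixed shape (fail fast once the budget is spent).
fn decode_unbounded(buf: &[u8]) -> Result<Vec<UnknownField>, DecodeError> {
    Decoder { buf, pos: 0, limit: None, retained: 0 }.decode_fields(None)
}
fn decode_capped(buf: &[u8], max_unknown: usize) -> Result<Vec<UnknownField>, DecodeError> {
    Decoder { buf, pos: 0, limit: Some(max_unknown), retained: 0 }.decode_fields(None)
}

/// Constructed hostile payload: a group on field 1 (0x0b StartGroup, 0x0c EndGroup)
/// wrapping `n` two-byte fields (0x10 = field 2, wire type varint; 0x00 = value).
fn hostile_group(n: usize) -> Vec<u8> {
    let mut out: Vec<u8> = vec![0x0b];
    for _ in 0..n { out.extend_from_slice(&[0x10, 0x00]); }
    out.push(0x0c);
    out
}

/// Retained entries, nested ones included; times `size_of::<UnknownField>()` this is a heap floor.
fn count_fields(fields: &[UnknownField]) -> usize {
    fields.iter().map(|f| match &f.value { UnknownValue::Group(g) => 1 + count_fields(g), _ => 1 }).sum()
}

fn main() {
    let payload = hostile_group(1_000_000); // about 2 MB on the wire
    let fields = decode_unbounded(&payload).unwrap();
    println!("{} entries retained; capped at 10_000: {:?}", count_fields(&fields), decode_capped(&payload, 10_000).err());
}
```

Multiplying the entry count by `size_of::<UnknownField>()` gives a floor on heap use that already exceeds ten times the wire size before any Vec growth slack is counted, which is why the measured figure in the proof-of-concept lands higher. The property that matters in the capped decoder is that `TooManyUnknownFields` fires part-way through the group: the budget is drawn down by nested fields, not only top-level ones, so a cap that counted only top-level entries would leave the amplification path open. The toy bounds neither group nesting depth nor total input size, both separate concerns a production decoder must also handle.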

For environments that cannot immediately upgrade, a secondary mitigation is to regenerate code with preserve_unknown_fields=false, which turns off the retention of unknown fields and removes the primary sink from the data path. The trade-off is that unknown fields are dropped rather than round-tripped, which matters for proxies or storage layers expected to pass through fields added by newer schema versions.

More broadly, the discovery highlights that relying solely on input-size caps is insufficient, as the group amplification path can turn a seemingly safe message size into a process-fatal allocation.

Beyond the specific patch, the case is notable for how an AI-driven SAST engine uncovered a non-trivial, logic-level DoS vulnerability in a memory-safe Rust library by tracing untrusted data from source to heap allocation sink, rather than relying on pattern-based checks.

The coordinated disclosure between Endor Labs and Anthropic underscores the need for data-flow-aware analysis even in “safe” languages, especially in high-assurance components used around frontier AI systems.


Source: CybersecurityNews.com
