Use After Free in Anthropics Buffa

CVE-2026-55406

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.7.0, a soundness bug in the OwnedView<V> type allowed safe Rust code to trigger a use-after-free: the OwnedView::decode constructor…

Vulnerability class: Information Disclosure

Affected products

Weakness classification (CWE)

References