Resource exhaustion in Anthropics Buffa

CVE-2026-55407

Buffa is a pure-Rust Protocol Buffers implementation with first-class protobuf editions support. Prior to 0.8.0, the decode_unknown_field function in buffa's protobuf decoder allocated heap memory in proportion to untrusted input (unknown…

Vulnerability class: DoS (Denial of Service)

Affected products

Weakness classification (CWE)

References