Anthropic’s Rust-based protocol buffer implementation, known as buffa, has been identified as vulnerable to a zero-day denial-of-service (DoS) condition. This flaw, now designated as CVE-2026-55407 and GHSA-f9qc-qg88-7pq5, arises from unbounded heap allocation triggered by attacker-controlled input. The vulnerability affects buffa and connectrpc versions prior to 0.8.0 and has been assigned a CVSS score of 6.3, indicating a moderate severity level. However, the actual impact can escalate to high or critical, depending on the specific deployment architecture.
The issue was initially discovered when Endor Labs’ AI-driven static application security testing (SAST) engine analyzed buffa’s codebase and flagged a suspicious data flow within the unknown-field decoder. Specifically, in the decode_unknown_field function, a length value is parsed directly from untrusted protobuf wire data, converted to a usize, and used to allocate a Vec<u8> without an explicit upper bound, apart from basic type limits.
While a guard ensures the buffer contains at least the specified number of bytes, preventing out-of-bounds reads, it does not constrain the allocation itself. This oversight allows an attacker to force large heap allocations by supplying oversized length-delimited fields. Initial assessments suggested a roughly 2x amplification between input size and heap usage, which, though significant, is often manageable under strict input caps.
However, further examination revealed a more dangerous amplification vector within the handling of WireType::StartGroup. In this branch, the decoder loops over nested unknown fields until it encounters a matching EndGroup tag, pushing each decoded field into a Vec-backed UnknownFields structure. A carefully crafted group can expand a relatively small input into a massive in-memory structure, as the smallest nested field can be encoded in just two bytes but result in approximately 40 bytes of heap allocation plus growth overhead.
Endor Labs’ proof-of-concept demonstrated that a 64 MiB protobuf payload containing millions of minimal varint fields within a single unknown group could drive heap usage to around 1.4 GiB, about 22 times the input size. When executed inside a Docker container with a 256 MiB memory limit, decoding such a message caused the process to be terminated with exit code 137, confirming an out-of-memory DoS scenario.
Crucially, the vulnerable code path is accessible via buffa’s default decoding APIs, including Message::decode and decode_from_slice. This means any service that decodes untrusted protobuf messages with preserve_unknown_fields enabled (the default setting) is potentially exposed to this vulnerability.
In response, Anthropic has released fixes in buffa and connectrpc version 0.8.0. These updates implement a configurable per-message limit on unknown fields, capping the maximum allocation overhead to roughly tens of megabytes, even under hostile input conditions. For environments that cannot immediately upgrade, a secondary mitigation involves regenerating code with preserve_unknown_fields=false, which disables the retention of unknown fields and removes the primary sink from the data path.
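The shape of the fix described above, as an added example that is not buffa's or connectrpc's own code: a minimal Rust walker over protobuf wire-format unknown fields that checks every length-delimited length against the buffer before anything is copied and charges each field, including those nested inside a StartGroup, against a single per-message budget. The cap value, the group-depth bound and the function names are assumptions; `hostile_group` constructs the two-byte varint-in-a-group shape the advisory describes so the cap can be exercised.

```rust
// Added illustration, not buffa's code; cap values and names are assumptions.
const MAX_UNKNOWN_FIELDS: usize = 1_000; // per-message budget for retained unknown fields
const MAX_GROUP_DEPTH: u32 = 32;          // bounds recursion on nested groups

fn read_varint(buf: &[u8], pos: &mut usize) -> Option<u64> {
    let mut v = 0u64;
    for i in 0..10 {
        let b = *buf.get(*pos)?; *pos += 1;
        v |= u64::from(b & 0x7f) << (7 * i);
        if b & 0x80 == 0 { return Some(v); }
    }
    None // more than 10 bytes: malformed varint
}

// Walks one field sequence; `count` is shared across nesting levels, so fields inside a group draw on the same budget.
fn walk(buf: &[u8], pos: &mut usize, count: &mut usize, depth: u32) -> Result<(), &'static str> {
    while *pos < buf.len() {
        let tag = read_varint(buf, pos).ok_or("truncated tag")?;
        match tag & 7 {
            0 => { read_varint(buf, pos).ok_or("truncated varint")?; }
            1 => *pos = pos.checked_add(8).filter(|p| *p <= buf.len()).ok_or("truncated fixed64")?,
            5 => *pos = pos.checked_add(4).filter(|p| *p <= buf.len()).ok_or("truncated fixed32")?,
            2 => { // length-delimited: validate the claimed length against the buffer before any copy
                let len = read_varint(buf, pos).ok_or("truncated length")? as usize;
                if len > buf.len() - *pos { return Err("length exceeds buffer"); }
                *pos += len;
            }
            3 => { // StartGroup: recurse until the matching EndGroup, still under the cap
                if depth >= MAX_GROUP_DEPTH { return Err("group nesting too deep"); }
                walk(buf, pos, count, depth + 1)?;
            }
            4 => return if depth == 0 { Err("unmatched EndGroup") } else { Ok(()) },
            _ => return Err("invalid wire type"),
        }
        *count += 1; // one retained unknown field (a completed group counts as one more)
        if *count > MAX_UNKNOWN_FIELDS { return Err("unknown-field cap exceeded"); }
    }
    if depth == 0 { Ok(()) } else { Err("unterminated group") }
}

/// Number of unknown fields a message would retain, or the limit that rejected it.
pub fn decode_unknown_fields(buf: &[u8]) -> Result<usize, &'static str> {
    let (mut pos, mut count) = (0usize, 0usize);
    walk(buf, &mut pos, &mut count, 0)?;
    Ok(count)
}

/// Constructed input: field-1 StartGroup (0x0b) holding `n` two-byte varint fields (0x10 0x00), then EndGroup (0x0c).
pub fn hostile_group(n: usize) -> Vec<u8> {
    let mut v = vec![0x0b];
    for _ in 0..n { v.extend_from_slice(&[0x10, 0x00]); }
    v.push(0x0c);
    v
}
```

Because the budget is counted rather than allocated, the walker rejects an oversized group after at most `MAX_UNKNOWN_FIELDS` retained entries regardless of how many two-byte fields the input carries.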
This discovery underscores the limitations of relying solely on input-size caps, as the group amplification path can transform a seemingly safe message size into a process-fatal allocation. Moreover, it highlights the effectiveness of AI-driven SAST tools in uncovering complex vulnerabilities that might elude traditional analysis methods.
As the adoption of Rust continues to grow, particularly in security-sensitive applications, this incident serves as a reminder of the importance of rigorous code analysis and the need for proactive vulnerability management. Developers and organizations utilizing buffa should prioritize updating to the latest version to mitigate potential risks associated with this vulnerability.