{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/protobuf/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["protobuf","dos","php"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA high-severity denial-of-service (DoS) vulnerability has been identified in the Protobuf PHP library, affecting versions prior to 4.33.6. The vulnerability stems from the improper handling of maliciously structured Protocol Buffer messages. Specifically, messages containing negative varints or exhibiting deep recursion can trigger excessive resource consumption during parsing. This can lead to application crashes, thereby disrupting service availability. Patches addressing this vulnerability have been released in versions 5.34.0-RC1 and 4.33.6 of the Protobuf library. 
Defenders should prioritize updating vulnerable systems to these patched versions to mitigate potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a Protocol Buffer message that contains negative varints or is nested deeply enough to drive the parser into deep recursion.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the message to a PHP application that parses untrusted input with the vulnerable Protobuf library, for example an API endpoint or a queue consumer.\u003c/li\u003e\n\u003cli\u003eThe application passes the bytes to the affected parser, which mishandles the negative varints or the deep nesting.\u003c/li\u003e\n\u003cli\u003eParsing consumes excessive CPU or memory, the worker stops responding, and the application crashes, denying service to other clients.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability results in a denial-of-service condition, rendering affected applications unavailable. Any service that uses the Protobuf PHP library to process untrusted data is exposed, such as APIs, message-queue consumers, or data storage systems. The number of affected services depends on how widely the vulnerable library is deployed within an organization\u0026rsquo;s infrastructure. 
This issue can cause significant disruption, and data loss or corruption if a worker crashes partway through handling a critical request.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the \u003ccode\u003egoogle/protobuf\u003c/code\u003e Composer package to version 4.33.6 or later (5.34.0-RC1 on the 5.x line) and confirm the deployed version with \u003ccode\u003ecomposer show google/protobuf\u003c/code\u003e, since a lockfile pin can keep an application on the old release.\u003c/li\u003e\n\u003cli\u003eMonitor web server and PHP error logs for anomalous request patterns against endpoints that accept Protocol Buffer input, such as bursts of oversized request bodies from one client, or worker timeouts and memory-limit errors that coincide with those requests.\u003c/li\u003e\n\u003cli\u003eUntil the upgrade is deployed, rate-limit endpoints that accept Protocol Buffer messages, enforce a maximum request body size at the web server or gateway, and reject payloads that exceed a nesting-depth limit or contain varints longer than the ten bytes the encoding permits before they reach the parser; legitimate negative int32 and int64 values are ten-byte varints and must still be allowed.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-25T21:04:21Z","date_published":"2026-03-25T21:04:21Z","id":"/briefs/2026-03-protobuf-dos/","summary":"A denial-of-service vulnerability exists in the Protobuf PHP library due to maliciously crafted messages with negative varints or deep recursion, leading to application crashes and impacting service availability.","title":"Protobuf PHP Library Denial of Service Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-protobuf-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Protobuf","version":"https://jsonfeed.org/version/1.1"}
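The input-validation step in the brief's recommendations, as an added example that is not code from the protobuf project, from the Protobuf PHP library, or from this advisory. It is written in Python as a schema-free walk of the protobuf wire format that would sit at a gateway or sidecar in front of the PHP service; the 4 MiB size cap, the depth limit of 32, and the rule that a length-delimited field counts as a nested message only when its bytes scan as a well-formed message are assumptions chosen for illustration, and `nested_message` builds constructed attack-style input of the kind the attack chain describes (many levels of nesting), not a captured exploit. It also shows why a pre-filter must not simply reject "negative varints": a legitimate int64 value of -1 is a ten-byte varint and passes, while an eleven-byte varint is rejected as malformed.

```python
"""Schema-free wire-format pre-check for Protocol Buffer payloads.

Added illustration; not code from the protobuf project or from this advisory.
Walks the raw wire format (no .proto needed) in front of the real parser and
rejects a payload that (a) contains a varint longer than the 10 bytes the
encoding allows, (b) is truncated, uses an unknown wire type or field number 0,
or (c) nests length-delimited or group fields deeper than max_depth. Counting a
length-delimited field as nested only when its bytes scan as a message is a
heuristic (a string could coincidentally look like one), so keep the limit
generous. Legitimate negative int32/int64 values are 10-byte varints and pass.
"""

MAX_VARINT_BYTES = 10            # 64 bits at 7 bits per byte
MAX_DEPTH = 32                   # assumed limit; raise it if your schemas nest deeper
MAX_PAYLOAD = 4 * 1024 * 1024    # assumed 4 MiB cap, applied before any parsing

WT_VARINT, WT_I64, WT_LEN, WT_SGROUP, WT_EGROUP, WT_I32 = 0, 1, 2, 3, 4, 5


class ProtoRejected(ValueError):
    """Payload failed the pre-check."""


class TooDeep(ProtoRejected):
    """Nesting limit exceeded; never downgraded to 'just opaque bytes'."""


def encode_varint(value: int) -> bytes:
    """Base-128 varint; a negative value is encoded as its 64-bit two's complement."""
    if value < 0:
        value &= (1 << 64) - 1
    out = bytearray()
    while True:
        byte, value = value & 0x7F, value >> 7
        if not value:
            out.append(byte)
            return bytes(out)
        out.append(byte | 0x80)


def decode_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Return (value, next_pos); reject truncated or over-long varints."""
    result = 0
    for i in range(MAX_VARINT_BYTES):
        if pos + i >= len(buf):
            raise ProtoRejected("truncated varint")
        b = buf[pos + i]
        result |= (b & 0x7F) << (7 * i)
        if not b & 0x80:
            return result, pos + i + 1
    raise ProtoRejected(f"varint longer than {MAX_VARINT_BYTES} bytes")


def field(number: int, wire_type: int, payload: bytes) -> bytes:
    """Tag (field number and wire type) followed by the already-encoded payload."""
    return encode_varint((number << 3) | wire_type) + payload


def nested_message(depth: int) -> bytes:
    """Constructed attack-style input: one varint wrapped `depth` times in field 1."""
    msg = field(2, WT_VARINT, encode_varint(1))
    for _ in range(depth):
        msg = field(1, WT_LEN, encode_varint(len(msg)) + msg)
    return msg


def _scan(buf: bytes, depth: int, max_depth: int) -> int:
    """Walk one message and return the deepest nesting level reached."""
    if depth > max_depth:
        raise TooDeep(f"nesting deeper than {max_depth}")
    deepest, pos, open_groups = depth, 0, 0
    while pos < len(buf):
        tag, pos = decode_varint(buf, pos)
        number, wire_type = tag >> 3, tag & 7
        if number == 0:
            raise ProtoRejected("field number 0")
        if wire_type == WT_VARINT:
            _, pos = decode_varint(buf, pos)
        elif wire_type in (WT_I64, WT_I32):
            pos += 8 if wire_type == WT_I64 else 4
            if pos > len(buf):
                raise ProtoRejected("truncated fixed-width field")
        elif wire_type == WT_LEN:
            length, pos = decode_varint(buf, pos)
            end = pos + length
            if end > len(buf):
                raise ProtoRejected("length runs past end of payload")
            if length:
                try:
                    deepest = max(deepest, _scan(buf[pos:end], depth + 1, max_depth))
                except TooDeep:
                    raise
                except ProtoRejected:
                    pass  # not a well-formed message: treat as opaque bytes/string
            pos = end
        elif wire_type == WT_SGROUP:
            open_groups += 1
            if depth + open_groups > max_depth:
                raise TooDeep(f"nesting deeper than {max_depth}")
            deepest = max(deepest, depth + open_groups)
        elif wire_type == WT_EGROUP:
            if not open_groups:
                raise ProtoRejected("end-group without matching start-group")
            open_groups -= 1
        else:
            raise ProtoRejected(f"unknown wire type {wire_type}")
    if open_groups:
        raise ProtoRejected("unterminated group")
    return deepest


def check_payload(buf: bytes, max_depth: int = MAX_DEPTH, max_size: int = MAX_PAYLOAD) -> int:
    """Return the nesting depth of an acceptable payload; raise ProtoRejected otherwise."""
    if len(buf) > max_size:
        raise ProtoRejected(f"payload of {len(buf)} bytes exceeds {max_size}")
    return _scan(buf, 0, max_depth)


def verdict(buf: bytes) -> str:
    """One-line result suitable for a gateway log entry."""
    try:
        return f"accepted, depth {check_payload(buf)}"
    except ProtoRejected as exc:
        return f"rejected ({exc})"


if __name__ == "__main__":
    # Constructed samples: a legal 10-byte negative varint, an illegal 11-byte one,
    # a modest nest, and a 1000-level nest of the kind the advisory describes.
    samples = {
        "int64 -1 in field 1": field(1, WT_VARINT, encode_varint(-1)),
        "11-byte varint": field(1, WT_VARINT, b"\xff" * 10 + b"\x01"),
        "nested x8": nested_message(8),
        "nested x1000": nested_message(1000),
    }
    for name, payload in samples.items():
        print(f"{name}: {verdict(payload)}")
```

Run it and the first and third samples are accepted while the second and fourth are rejected. The check is deliberately cheap (one linear pass, recursion bounded by `max_depth`), so it cannot itself become the resource sink; the size cap runs first because it costs nothing and already removes the largest payloads.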