Protobuf — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/protobuf/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 25 Mar 2026 21:04:21 +0000Protobuf PHP Library Denial of Service Vulnerabilityhttps://feed.craftedsignal.io/briefs/2026-03-protobuf-dos/Wed, 25 Mar 2026 21:04:21 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-protobuf-dos/A denial-of-service vulnerability exists in the Protobuf PHP library due to maliciously crafted messages with negative varints or deep recursion, leading to application crashes and impacting service availability.A high-severity denial-of-service (DoS) vulnerability has been identified in the Protobuf PHP library, affecting versions prior to 4.33.6. The vulnerability stems from the improper handling of maliciously structured Protocol Buffer messages. Specifically, messages containing negative varints or exhibiting deep recursion can trigger excessive resource consumption during parsing. This can lead to application crashes, thereby disrupting service availability. Patches addressing this vulnerability have been released in versions 5.34.0-RC1 and 4.33.6 of the Protobuf library. Defenders should prioritize updating vulnerable systems to these patched versions to mitigate potential exploitation.

Attack Chain

  1. An attacker crafts a malicious Protocol Buffer message.
  2. The message contains either negative varints or exploits deep recursion.
  3. The attacker sends the malicious message to a PHP application using the vulnerable Protobuf library.
  4. The PHP application attempts to parse the malicious message using the affected Protobuf library.
  5. During parsing, the negative varints or deep recursion trigger excessive resource consumption, such as CPU or memory.
  6. The application becomes unresponsive due to resource exhaustion.
  7. The application crashes, leading to a denial of service.

Impact

Successful exploitation of this vulnerability results in a denial-of-service condition, rendering affected applications unavailable. This can impact any service relying on the Protobuf PHP library to process untrusted data, such as APIs, message queues, or data storage systems. The number of affected services depends on the prevalence of the vulnerable Protobuf library within an organization’s infrastructure. This issue can lead to significant disruption and potential data loss or corruption if applications crash while processing critical data.

Recommendation

  • Upgrade the composer/google/protobuf package to version 4.33.6 or later to remediate the vulnerability.
  • Monitor web server logs for anomalous request patterns indicative of exploitation attempts targeting Protobuf message processing (webserver log source).
  • Implement rate limiting and input validation on services that process Protocol Buffer messages to mitigate the impact of malicious inputs (webserver log source).
]]>highadvisoryprotobufdosphp