Anthropic’s Rust Library *buffa* Hit by Zero-Day DoS Vulnerability (CVE-2026-55407)
A critical denial-of-service (DoS) vulnerability has been discovered in buffa, Anthropic’s Rust-based Protocol Buffers (protobuf) implementation, stemming from unbounded heap allocation triggered by attacker-controlled input. The flaw, tracked as CVE-2026-55407 (CVSS 4.0: 6.3, Moderate), can escalate to High or Critical severity depending on deployment architecture, affecting buffa and connectrpc versions prior to 0.8.0.
Root Cause & Exploitation
The vulnerability was identified by Endor Labs’ AI-powered SAST engine, which flagged a risky data flow in buffa’s decode_unknown_field function. The issue arises when parsing untrusted protobuf wire data, where an attacker-supplied length value is used to allocate a Vec<u8> without an upper bound. While a guard prevents out-of-bounds reads, it fails to constrain heap allocation, allowing oversized inputs to force excessive memory usage.
A more severe amplification vector was found in the handling of WireType::StartGroup, where nested unknown fields, each encoded in as little as two bytes, trigger a ~40-byte heap allocation per field plus overhead. A proof-of-concept demonstrated that a 64 MiB payload could balloon into 1.4 GiB of heap usage (a 22x amplification), crashing processes in memory-constrained environments (e.g., Docker containers with a 256 MiB limit).
Impact & Affected Systems
The vulnerability is reachable via buffa’s default decoding APIs (Message::decode, decode_from_slice) when preserve_unknown_fields is enabled (the default setting). Any service processing untrusted protobuf messages is at risk, with potential outcomes including process termination due to out-of-memory errors.
Mitigation & Fixes
Anthropic released version 0.8.0 of buffa and connectrpc, introducing a configurable per-message limit on unknown fields to cap allocation overhead. For systems unable to upgrade immediately, a workaround involves regenerating protobuf code with preserve_unknown_fields=false, disabling the vulnerable data path.
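As an added illustration (not buffa's or connectrpc's code), the following decoder for the unknown-field path described above applies the two checks the fix relies on: the declared length of a length-delimited field is validated against the bytes actually present before anything is copied, and every retained unknown field, including those nested under StartGroup, is charged to one per-message budget. The wire-type values follow the protobuf encoding; MAX_UNKNOWN_FIELDS, the error type and the sample messages are assumptions chosen for the example.

```rust
pub const MAX_UNKNOWN_FIELDS: usize = 8; // assumed per-message limit, chosen for the example
#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, BadWireType(u8), TooManyUnknownFields, UnmatchedGroup }

// Reads one base-128 varint; errors on truncation or on more than 10 bytes.
fn read_varint(buf: &[u8], pos: &mut usize) -> Result<u64, DecodeError> {
    let mut value = 0u64;
    for shift in (0..64).step_by(7) {
        let b = *buf.get(*pos).ok_or(DecodeError::Truncated)?;
        *pos += 1;
        value |= u64::from(b & 0x7f) << shift;
        if b & 0x80 == 0 { return Ok(value); }
    }
    Err(DecodeError::Truncated)
}
// Decodes unknown fields until the input ends or, inside a group, an EndGroup tag is seen.
// A group is charged to the budget before recursing, so nesting depth is bounded as well.
fn decode_unknown(buf: &[u8], pos: &mut usize, count: &mut usize, in_group: bool) -> Result<(), DecodeError> {
    while *pos < buf.len() {
        let wire_type = (read_varint(buf, pos)? & 7) as u8;
        if wire_type == 4 { return if in_group { Ok(()) } else { Err(DecodeError::UnmatchedGroup) }; } // EndGroup
        *count += 1; // charge the field to the per-message budget before doing any work for it
        if *count > MAX_UNKNOWN_FIELDS { return Err(DecodeError::TooManyUnknownFields); }
        match wire_type {
            0 => { read_varint(buf, pos)?; }
            // fixed64 / fixed32: advance without running past the end of the input
            1 | 5 => *pos = pos.checked_add(if wire_type == 1 { 8 } else { 4 })
                .filter(|&p| p <= buf.len()).ok_or(DecodeError::Truncated)?,
            2 => {
                let len = read_varint(buf, pos)?;
                // Check the claimed length against the bytes actually remaining first, so an
                // attacker-chosen length never becomes a Vec capacity on its own.
                if len > (buf.len() - *pos) as u64 { return Err(DecodeError::Truncated); }
                let end = *pos + len as usize;
                let _retained: Vec<u8> = buf[*pos..end].to_vec(); // bounded by real input size
                *pos = end;
            }
            3 => decode_unknown(buf, pos, count, true)?, // StartGroup: nested unknown fields
            other => return Err(DecodeError::BadWireType(other)),
        }
    }
    if in_group { Err(DecodeError::UnmatchedGroup) } else { Ok(()) }
}

// Returns how many unknown fields `buf` carried, or why the message was rejected.
pub fn decode_message(buf: &[u8]) -> Result<usize, DecodeError> {
    let (mut pos, mut count) = (0usize, 0usize);
    decode_unknown(buf, &mut pos, &mut count, false)?;
    Ok(count)
}
```

A real implementation would keep the retained bytes and field numbers rather than discarding them; the budget and the length check are the parts that matter for the allocation behaviour.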
Broader Implications
The discovery underscores the limitations of input-size caps in preventing DoS attacks, as even "safe" message sizes can trigger catastrophic allocations via amplification vectors. Notably, the flaw was uncovered using AI-driven static analysis, highlighting the need for data-flow-aware security tools even in memory-safe languages like Rust, particularly for high-assurance components in AI systems. The coordinated disclosure between Endor Labs and Anthropic reflects growing collaboration in securing critical infrastructure.
Source: https://cybersecuritynews.com/anthropics-buffa-rust-library-0-day-vulnerability-enables-dos-attack/
Anthropic cybersecurity rating report: https://www.rankiteo.com/company/anthropicresearch
Rating record:
id: ANT1782908643
linkid: anthropicresearch
type: Vulnerability
date: 1/2026
severity: 60
impact: 1
explanation: Attack without any consequences