Buffa
Monthly
Uncontrolled heap amplification in Buffa's protobuf decoder allows an unauthenticated remote attacker to crash any network-facing Rust service that decodes untrusted protobuf input under the default code-generation settings, with no exploit code required beyond a well-formed serialized message. The amplification mechanism - roughly 22× for nested StartGroup unknown fields - means a 64 MiB payload can force approximately 1.4 GiB of heap allocation, exhausting process memory and terminating the service. No active exploitation is confirmed (not in CISA KEV), and no public proof-of-concept has been identified at time of analysis, but the attack is trivially constructible from the public advisory.
Use-after-free in Buffa's OwnedView<V> type allows safe Rust calling code to hold field references that outlive the backing buffer, enabling read of freed heap memory and information disclosure. Affected are all Buffa releases prior to 0.7.0 (CPE: cpe:2.3:a:anthropics:buffa:*:*:*:*:*:*:*:*). The flaw is a soundness violation - no unsafe code in the caller is required - making it particularly insidious in a memory-safe language context. No public exploit identified at time of analysis and no CISA KEV listing; the CVSS 4.0 score of 5.9 reflects the high-complexity exploitation conditions acknowledged by the vendor.
Uncontrolled heap amplification in Buffa's protobuf decoder allows an unauthenticated remote attacker to crash any network-facing Rust service that decodes untrusted protobuf input under the default code-generation settings, with no exploit code required beyond a well-formed serialized message. The amplification mechanism - roughly 22× for nested StartGroup unknown fields - means a 64 MiB payload can force approximately 1.4 GiB of heap allocation, exhausting process memory and terminating the service. No active exploitation is confirmed (not in CISA KEV), and no public proof-of-concept has been identified at time of analysis, but the attack is trivially constructible from the public advisory.
Use-after-free in Buffa's OwnedView<V> type allows safe Rust calling code to hold field references that outlive the backing buffer, enabling read of freed heap memory and information disclosure. Affected are all Buffa releases prior to 0.7.0 (CPE: cpe:2.3:a:anthropics:buffa:*:*:*:*:*:*:*:*). The flaw is a soundness violation - no unsafe code in the caller is required - making it particularly insidious in a memory-safe language context. No public exploit identified at time of analysis and no CISA KEV listing; the CVSS 4.0 score of 5.9 reflects the high-complexity exploitation conditions acknowledged by the vendor.