protobuf
About this tag
The protobuf tag on WindowsForum.com covers security vulnerabilities and patches related to Google's Protocol Buffers (protobuf) serialization format. Discussions include CVE-2025-53605, a denial-of-service flaw in the Rust protobuf crate caused by uncontrolled recursion in CodedInputStream::skip_group, fixed in version 3.7.2. Another topic is CVE-2022-3509, a DoS vulnerability in the Java protobuf implementation triggered by crafted text-format messages leading to excessive garbage collection pauses. These threads emphasize the importance of upgrading protobuf libraries to patched versions and hardening systems that parse untrusted protobuf data.
The Rust ecosystem’s widely used protobuf crate contains a denial‑of‑service flaw: CVE‑2025‑53605 affects versions before 3.7.2 and permits uncontrolled recursion in protobuf::coded_input_stream::CodedInputStream::skip_group when processing unknown fields from untrusted input. The maintainers...
CVE-2022-3509 is a parsing bug in Google’s Protocol Buffers Java implementation that can be triggered by crafted text‑format messages to force excessive object churn and long JVM garbage‑collection pauses, producing a denial‑of‑service (DoS) condition in vulnerable applications; operators should...