--- tags: - security - proof-of-concept - protobuf license: mit --- # Protocol Buffers Api methods materialization DoS PoC This repository contains a benign security research PoC for a `.pb` artifact that drives repeated-message materialization during `api_pb2.Api.ParseFromString(...)`. Files: - `control_one_name.pb` - `malicious_methods_5000000.pb` - `reproduce.py` Observed behavior: - control artifact: - parses successfully with no `methods` entries - malicious artifact: - parses successfully with `5,000,000` `methods` entries - materially increases peak RSS during normal parse Tested runtime: ```bash python3 -m pip install protobuf==7.35.1 ```