hacnho's picture
Upload README.md with huggingface_hub
b70ee30 verified
|
Raw
History Blame Contribute Delete
723 Bytes
---
tags:
- security
- proof-of-concept
- protobuf
license: mit
---
# Protocol Buffers Value struct_value.fields materialization DoS PoC
This repository contains a benign security research PoC for a `.pb` artifact
that drives repeated map-entry materialization during
`struct_pb2.Value.ParseFromString(...)`.
Files:
- `control_one_struct_value.pb`
- `malicious_struct_value_fields_1400000.pb`
- `reproduce.py`
Observed behavior:
- control artifact:
- parses successfully with one `struct_value` field
- malicious artifact:
- parses successfully with `1,400,000` nested struct fields
- materially increases peak RSS during normal parse
Tested runtime:
```bash
python3 -m pip install protobuf==7.35.1
```