--- tags: - security - proof-of-concept - protobuf license: mit --- # Protocol Buffers Value struct_value.fields materialization DoS PoC This repository contains a benign security research PoC for a `.pb` artifact that drives repeated map-entry materialization during `struct_pb2.Value.ParseFromString(...)`. Files: - `control_one_struct_value.pb` - `malicious_struct_value_fields_1400000.pb` - `reproduce.py` Observed behavior: - control artifact: - parses successfully with one `struct_value` field - malicious artifact: - parses successfully with `1,400,000` nested struct fields - materially increases peak RSS during normal parse Tested runtime: ```bash python3 -m pip install protobuf==7.35.1 ```