7.1
PHP Protobuf: Malicious Messages Can Crash Your Application
GHSA-qjfj-3mm5-vrjg
Summary
A security issue in the PHP Protobuf library can cause your application to crash if it receives a specially crafted message. This can happen when the application parses input from untrusted sources. Update the PHP Protobuf library to the latest version to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| composer | | protobuf | < 4.33.6 |
Original title
Withdrawn Advisory: Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion
Original description
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-p2gh-cfq4-4wjc. This link is maintained to preserve external references.
## Original Description
A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.
ghsa CVSS4.0
7.1
Vulnerability type
CWE-20
Improper Input Validation
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026