Protocol Buffers (protobuf) is Google's language-neutral serialization format and the wire format underneath gRPC. It is how a huge share of modern service-to-service traffic is encoded, and its runtime libraries ship for every major language — protobuf on PyPI, protobuf-java on Maven, the C++ core, and protobufjs on npm — usually arriving transitively through gRPC clients, service meshes, and API SDKs. Because protobuf's entire purpose is to parse compact binary messages that often originate from another service or an untrusted client, its security profile is dominated by a single theme: what a parser does when handed a hostile message. The result is a set of real denial-of-service CVEs that span the official implementations, plus one critical prototype-pollution bug in the JavaScript runtime. If you terminate gRPC or decode protobuf from outside your trust boundary, these matter.
The notable historical CVEs
protobuf's advisories cluster around parsing pathologies — messages crafted to make the decoder consume unbounded CPU, memory, or stack. These are all real, published advisories:
- CVE-2021-22569 — a denial of service in
protobuf-java. Parsing a small (roughly 800 KB) malicious payload with many short-lived objects forced repeated garbage-collection pauses, letting the parser be tied up for minutes. Fixed inprotobuf-java3.16.1,3.18.2, and3.19.2. - CVE-2022-1941 — a denial of service in the C++ and Python implementations. A specially crafted message could drive the parser into excessive memory use and an out-of-memory crash. Fixed in the Python
protobufpackage at3.18.3,3.19.5,3.20.2, and4.21.6. - CVE-2024-7254 — an uncontrolled-recursion denial of service affecting the official runtimes broadly. Parsing untrusted data with a series of nested groups (repeated group start tags) created unbounded recursion that overflowed the stack and crashed the process. Fixed in
3.25.5,4.27.5, and4.28.2across the affected language runtimes.
Separately, the JavaScript runtime has a code-safety issue rather than a DoS: CVE-2023-36665 is a critical prototype-pollution vulnerability in protobufjs (affecting the 6.10.0 through 7.2.4 range). A user-controlled message, or untrusted input to functions such as parse, load, or the option setters, could pollute Object.prototype — adding or overwriting properties on every object in the process. Fixed in protobufjs 7.2.5.
The through-line is that protobuf parsing is a trust boundary. A decoder that is perfectly safe on well-formed internal traffic can be forced to exhaust a resource, or in the JavaScript case corrupt the object model, when the bytes come from somewhere you do not control.
Common misuse and risks
- Parsing messages from outside your trust boundary on an old runtime. The DoS CVEs are realized when a public gRPC endpoint, a webhook, or a client upload feeds a crafted message into an unpatched parser. A single small payload can stall or crash the process.
- Assuming binary is harder to attack than JSON. protobuf's compactness does not make it safe; the nested-group recursion (CVE-2024-7254) and the memory blowups are triggered by structure, not size.
- Trusting
protobufjswith untrusted input. In Node.js, parsing an attacker-controlled message or loading an untrusted schema on a vulnerable version could pollute the prototype (CVE-2023-36665), which is a route to broader compromise. - No message-size or depth limits. gRPC and protobuf runtimes let you cap message size and nesting depth, and code that leaves those wide open makes resource-exhaustion attacks far easier.
How to use protobuf safely
Set the version floor per runtime: for Python protobuf, run 4.21.6 or later (a current release in 2026 is well above this); for protobuf-java, run a release including the CVE-2024-7254 fix — 3.25.5, 4.27.5, or 4.28.2 or later; for protobufjs, run 7.2.5 or later. Those floors clear the parsing DoS cluster and, for JavaScript, the prototype-pollution fix.
Then treat decoding as untrusted-input handling:
- Enforce message-size and recursion-depth limits. Configure your gRPC server and protobuf runtime with a sane maximum message size and nesting depth so a crafted message cannot exhaust memory or the stack, independent of the CVE fixes.
- Validate after parsing. A successfully decoded message is still untrusted; apply your own schema and business-rule validation before acting on its contents.
- Isolate public-facing decoding. Terminate untrusted gRPC or protobuf intake in a service with resource limits and restart-on-crash, so a DoS is contained rather than cascading.
- Never load untrusted schemas in
protobufjs. Treat.protofiles and dynamic parsing input as code, and keep them from attacker control. - Pin and monitor. Lock every runtime — including the transitive gRPC and SDK copies — and confirm each is on a patched release.
How to monitor protobuf with SCA and reachability
protobuf runtimes appear across polyglot service stacks, almost always transitively through gRPC and API SDKs, so a scanner will flag them broadly and in several languages at once. The bare finding tells you protobuf is present; what decides urgency is whether your service actually parses messages from outside its trust boundary, and whether each runtime — Python, Java, C++, and JavaScript alike — is patched.
Safeguard's software composition analysis resolves your dependency graph across ecosystems, surfaces every protobuf and gRPC runtime in the tree, and adds call-path reachability so a parsing-DoS advisory on a service that actually decodes untrusted input is separated from an internal-only client that never sees hostile messages. When a bump is warranted, autonomous auto-fix opens a tested pull request, and Griffin AI explains the exposure — including which runtime and which entry point are at issue. Developers run the same analysis locally and in CI with the Safeguard CLI, and teams comparing tools can review the pricing.
Bring continuous, prioritized dependency analysis to your service and API stack — get started free or read the documentation.
Frequently Asked Questions
Which protobuf version is safe in 2026?
It depends on the runtime. For the Python protobuf package, run 4.21.6 or later (current releases are well beyond this); for protobuf-java, run a release that includes the CVE-2024-7254 fix — 3.25.5, 4.27.5, or 4.28.2 or later; and for protobufjs in Node.js, run 7.2.5 or later to clear the prototype-pollution fix. Keep the transitive gRPC and SDK copies current too.
Why are protobuf's main CVEs denial of service?
Because parsing untrusted binary is protobuf's core job, and the sharpest attacks make the decoder consume unbounded resources. CVE-2021-22569 forced garbage-collection thrashing in Java, CVE-2022-1941 drove the C++/Python parser to an out-of-memory crash, and CVE-2024-7254 used deeply nested groups to overflow the stack. All are triggered by message structure, not just size.
Is protobuf.js affected by anything worse than DoS?
Yes. CVE-2023-36665 is a critical prototype-pollution bug in protobufjs: a user-controlled message or untrusted schema input could add or overwrite properties on Object.prototype, affecting every object in the process. Upgrade to protobufjs 7.2.5 or later, and never load untrusted .proto schemas or parse attacker-controlled input on an unpatched version.
How do I know if a protobuf CVE actually affects my app?
Use reachability-aware SCA. It enumerates every protobuf and gRPC runtime across your languages and traces whether your service reaches a decoding path that handles messages from outside your trust boundary — so you can prioritize a public-facing, unpatched parser over an internal-only client that never sees untrusted input.