golang / protobuf

Go support for Google's protocol buffers
BSD 3-Clause "New" or "Revised" License

protojson: vuln: malicious JSON can trivially induce stack overflow #1583

Closed jhump closed 6 months ago

jhump commented 6 months ago

The binary format has a default recursion depth of 10,000. And that depth is configurable via proto.UnmarshalOptions. But the protojson package has no such limit. So if a schema allows arbitrary depth (such as using a recursive/hierarchical type, mutually recursive types, or open-ended JSON types such as google.protobuf.Value), an attacker can easily trigger a stack overflow, which results in a process crashing. Since a stack overflow is a fatal error, not a panic, it cannot be handled via recover, which makes this a serious DoS issue.
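The following Go program is an added example illustrating the issue above; it is not code from the report or from the protobuf-go project. It builds the kind of payload the report describes (deeply nested JSON that is still a valid google.protobuf.Value) and shows the mitigation a service can apply on its own side while protojson has no depth limit: walk the document with the non-recursive encoding/json token stream, bound the nesting depth, and only then hand the bytes to the real unmarshaler. The unmarshaler is passed in as a function parameter so the example runs with the standard library alone; the depth limits used are illustrative assumptions, not values from the report.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"strings"
)

// ErrTooDeep is returned when the JSON input nests deeper than the caller allows.
var ErrTooDeep = errors.New("json nesting depth exceeds limit")

// CheckJSONDepth walks the token stream of a JSON document with encoding/json's
// Decoder.Token, which tracks nesting with a slice rather than recursion, and
// reports the maximum depth of arrays and objects. It returns ErrTooDeep as
// soon as depth exceeds limit, so a hostile payload costs O(limit) work and is
// never materialised into a tree.
func CheckJSONDepth(data []byte, limit int) (int, error) {
	dec := json.NewDecoder(bytes.NewReader(data))
	depth, maxDepth := 0, 0
	for {
		tok, err := dec.Token()
		if err == io.EOF {
			return maxDepth, nil
		}
		if err != nil {
			return maxDepth, err
		}
		delim, ok := tok.(json.Delim)
		if !ok {
			continue // scalars do not change nesting depth
		}
		switch delim {
		case '[', '{':
			depth++
			if depth > limit {
				return depth, ErrTooDeep
			}
			if depth > maxDepth {
				maxDepth = depth
			}
		case ']', '}':
			depth--
		}
	}
}

// NestedArrays builds a constructed attack payload: n nested JSON arrays.
// For a google.protobuf.Value field this is a ListValue of ListValues, so it
// is schema-valid, yet it forces n levels of recursion in a recursive-descent
// unmarshaler that does not bound depth.
func NestedArrays(n int) []byte {
	return []byte(strings.Repeat("[", n) + strings.Repeat("]", n))
}

// SafeUnmarshalJSON is the gate a service would put in front of
// protojson.Unmarshal. The unmarshaler is an assumed function parameter here
// (in production it would close over protojson.Unmarshal and the target
// message); over-deep input is rejected before it is ever called.
func SafeUnmarshalJSON(data []byte, limit int, unmarshal func([]byte) error) error {
	if _, err := CheckJSONDepth(data, limit); err != nil {
		return fmt.Errorf("rejecting input before protojson: %w", err)
	}
	return unmarshal(data)
}

func main() {
	const limit = 1000 // assumed per-service bound, well below any stack concern

	accept := func(b []byte) error {
		fmt.Printf("unmarshaler reached with %d bytes\n", len(b))
		return nil
	}

	// A normal message passes through to the unmarshaler.
	fmt.Println("benign:", SafeUnmarshalJSON([]byte(`{"a":[1,{"b":[]}]}`), limit, accept))

	// The malicious payload is rejected after ~limit tokens, without recursion.
	fmt.Println("hostile:", SafeUnmarshalJSON(NestedArrays(100000), limit, accept))
}
```

The check bounds syntactic nesting only; it rejects legitimately deep messages above the chosen limit, so pick the limit from what the schema actually needs rather than from the 10,000 the binary decoder defaults to. It also does nothing for depth introduced by other routes into protojson (for example a Value embedded inside an Any), so it belongs at every boundary where untrusted JSON enters the process.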